mirror of
https://github.com/actions/actions-runner-controller.git
synced 2025-12-10 11:41:27 +00:00
Compare commits
59 Commits
update-run
...
gha-runner
| Author | SHA1 | Date | |
|---|---|---|---|
|
309b53143e | ||
|
|
7da2d7f96a | ||
|
|
e06c7edc21 | ||
|
|
9fba37540a | ||
|
|
a68aa00bd8 | ||
|
|
9b053102ed | ||
|
|
c03fac8fdd | ||
|
|
d72774753c | ||
|
|
f7b6ad901d | ||
|
|
728f05c844 | ||
|
|
c00465973e | ||
|
|
5f23afaad3 | ||
|
|
47dfed3ced | ||
|
|
1f9b7541e6 | ||
|
|
a029b705cd | ||
|
|
3fab744a4f | ||
|
|
fe8c3bb789 | ||
|
|
e40874f67f | ||
|
|
d7d479172d | ||
|
|
31352924d7 | ||
|
|
3e4201ac5f | ||
|
|
a44b037d6b | ||
|
|
e11beea49b | ||
|
|
bfadad0830 | ||
|
|
f7eb88ce9c | ||
|
|
0fd8eac305 | ||
|
|
b78cadd901 | ||
|
|
202a97ab12 | ||
|
|
b08d533105 | ||
|
|
0bfa57ac50 | ||
|
|
2831d658c4 | ||
|
|
0f40f6ab26 | ||
|
|
5347e2c2c8 | ||
|
|
1cba9c7800 | ||
|
|
2c29cfb994 | ||
|
|
4f89ac5878 | ||
|
|
64778a828e | ||
|
|
8e484637f9 | ||
|
|
b202be712e | ||
|
|
fb11d3bfd0 | ||
|
|
7793e1974a | ||
|
|
8aa04dd2be | ||
|
|
2939640fa9 | ||
|
|
65fd04540c | ||
|
|
1ae5d2b18e | ||
|
|
862bc1a9dd | ||
|
|
95487735a2 | ||
|
|
16815230bb | ||
|
|
2646456677 | ||
|
|
62eca94e45 | ||
|
|
510b1d82e5 | ||
|
|
b511953df7 | ||
|
|
2117fd1892 | ||
|
|
e1edb84abe | ||
|
|
f14dbd68f1 | ||
|
|
bffcb32b19 | ||
|
|
ea2443a410 | ||
|
|
ba91c183b5 | ||
|
|
e10a1cc7a3 |
3
.github/ISSUE_TEMPLATE/config.yml
vendored
3
.github/ISSUE_TEMPLATE/config.yml
vendored
@@ -1,5 +1,8 @@
|
|||||||
blank_issues_enabled: false
|
blank_issues_enabled: false
|
||||||
contact_links:
|
contact_links:
|
||||||
|
- name: Feature requests for the gha-runner-scale-set (actions.github.com API group)
|
||||||
|
about: Feature requests associated with the actions.github.com group should be posted on the GitHub Community Support Forum
|
||||||
|
url: https://github.com/orgs/community/discussions/categories/actions
|
||||||
- name: Sponsor ARC Maintainers
|
- name: Sponsor ARC Maintainers
|
||||||
about: If your business relies on the continued maintainance of actions-runner-controller, please consider sponsoring the project and the maintainers.
|
about: If your business relies on the continued maintainance of actions-runner-controller, please consider sponsoring the project and the maintainers.
|
||||||
url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS
|
url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS
|
||||||
|
|||||||
113
.github/ISSUE_TEMPLATE/github_bug_report.yaml
vendored
Normal file
113
.github/ISSUE_TEMPLATE/github_bug_report.yaml
vendored
Normal file
@@ -0,0 +1,113 @@
|
|||||||
|
name: Bug Report (actions.github.com API group)
|
||||||
|
description: File a bug report for actions.github.com API group
|
||||||
|
title: "<Please write what didn't work for you here>"
|
||||||
|
labels: ["bug", "needs triage", "gha-runner-scale-set"]
|
||||||
|
body:
|
||||||
|
- type: checkboxes
|
||||||
|
id: read-troubleshooting-guide
|
||||||
|
attributes:
|
||||||
|
label: Checks
|
||||||
|
description: Please check all the boxes below before submitting
|
||||||
|
options:
|
||||||
|
- label: I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
|
||||||
|
required: true
|
||||||
|
|
||||||
|
- label: I am using charts that are officially provided
|
||||||
|
- type: input
|
||||||
|
id: controller-version
|
||||||
|
attributes:
|
||||||
|
label: Controller Version
|
||||||
|
description: Refers to semver-like release tags for controller versions. Any release tags prefixed with `gha-runner-scale-set-` are releases associated with this API group
|
||||||
|
placeholder: ex. 0.6.1
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: dropdown
|
||||||
|
id: deployment-method
|
||||||
|
attributes:
|
||||||
|
label: Deployment Method
|
||||||
|
description: Which deployment method did you use to install ARC?
|
||||||
|
options:
|
||||||
|
- Helm
|
||||||
|
- Kustomize
|
||||||
|
- ArgoCD
|
||||||
|
- Other
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: checkboxes
|
||||||
|
id: checks
|
||||||
|
attributes:
|
||||||
|
label: Checks
|
||||||
|
description: Please check all the boxes below before submitting
|
||||||
|
options:
|
||||||
|
- label: This isn't a question or user support case (For Q&A and community support, go to [Discussions](https://github.com/actions/actions-runner-controller/discussions)).
|
||||||
|
required: true
|
||||||
|
- label: I've read the [Changelog](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#changelog) before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
id: reproduction-steps
|
||||||
|
attributes:
|
||||||
|
label: To Reproduce
|
||||||
|
description: "Steps to reproduce the behavior"
|
||||||
|
render: markdown
|
||||||
|
placeholder: |
|
||||||
|
1. Go to '...'
|
||||||
|
2. Click on '....'
|
||||||
|
3. Scroll down to '....'
|
||||||
|
4. See error
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
id: actual-behavior
|
||||||
|
attributes:
|
||||||
|
label: Describe the bug
|
||||||
|
description: Also tell us, what did happen?
|
||||||
|
placeholder: A clear and concise description of what happened.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
- type: textarea
|
||||||
|
id: expected-behavior
|
||||||
|
attributes:
|
||||||
|
label: Describe the expected behavior
|
||||||
|
description: Also tell us, what did you expect to happen?
|
||||||
|
placeholder: A clear and concise description of what the expected behavior is.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
- type: textarea
|
||||||
|
id: additional-context
|
||||||
|
attributes:
|
||||||
|
label: Additional Context
|
||||||
|
render: yaml
|
||||||
|
description: |
|
||||||
|
Provide `values.yaml` files that are relevant for this issue. PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE.
|
||||||
|
placeholder: |
|
||||||
|
PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
- type: textarea
|
||||||
|
id: controller-logs
|
||||||
|
attributes:
|
||||||
|
label: Controller Logs
|
||||||
|
description: "NEVER EVER OMIT THIS! Include complete logs from `actions-runner-controller`'s controller-manager pod."
|
||||||
|
render: shell
|
||||||
|
placeholder: |
|
||||||
|
PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
||||||
|
|
||||||
|
To grab controller logs:
|
||||||
|
|
||||||
|
kubectl logs -n $NAMESPACE deployments/$CONTROLLER_DEPLOYMENT
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
id: runner-pod-logs
|
||||||
|
attributes:
|
||||||
|
label: Runner Pod Logs
|
||||||
|
description: "Include logs and kubectl describe output from runner pod(s)."
|
||||||
|
render: shell
|
||||||
|
placeholder: |
|
||||||
|
PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
name: Bug Report
|
name: Bug Report (actions.summerwind.net API group)
|
||||||
description: File a bug report
|
description: File a bug report for actions.summerwind.net API group
|
||||||
title: "<Please write what didn't work for you here>"
|
title: "<Please write what didn't work for you here>"
|
||||||
labels: ["bug", "needs triage"]
|
labels: ["bug", "needs triage", "community"]
|
||||||
body:
|
body:
|
||||||
- type: checkboxes
|
- type: checkboxes
|
||||||
id: read-troubleshooting-guide
|
id: read-troubleshooting-guide
|
||||||
@@ -146,7 +146,7 @@ body:
|
|||||||
render: shell
|
render: shell
|
||||||
placeholder: |
|
placeholder: |
|
||||||
PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
||||||
|
|
||||||
To grab controller logs:
|
To grab controller logs:
|
||||||
|
|
||||||
# Set NS according to your setup
|
# Set NS according to your setup
|
||||||
@@ -166,7 +166,7 @@ body:
|
|||||||
render: shell
|
render: shell
|
||||||
placeholder: |
|
placeholder: |
|
||||||
PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
|
||||||
|
|
||||||
To grab the runner pod logs:
|
To grab the runner pod logs:
|
||||||
|
|
||||||
# Set NS according to your setup. It should match your RunnerDeployment's metadata.namespace.
|
# Set NS according to your setup. It should match your RunnerDeployment's metadata.namespace.
|
||||||
@@ -177,7 +177,7 @@ body:
|
|||||||
|
|
||||||
kubectl -n $NS logs $POD_NAME -c runner > runnerpod_runner.log
|
kubectl -n $NS logs $POD_NAME -c runner > runnerpod_runner.log
|
||||||
kubectl -n $NS logs $POD_NAME -c docker > runnerpod_docker.log
|
kubectl -n $NS logs $POD_NAME -c docker > runnerpod_docker.log
|
||||||
|
|
||||||
If any of the containers are getting terminated immediately, try adding `--previous` to the kubectl-logs command to obtain logs emitted before the termination.
|
If any of the containers are getting terminated immediately, try adding `--previous` to the kubectl-logs command to obtain logs emitted before the termination.
|
||||||
validations:
|
validations:
|
||||||
required: true
|
required: true
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
name: Feature request
|
name: Feature request (actions.summerwind.net API group)
|
||||||
about: Suggest an idea for this project
|
about: Suggest an idea for this project
|
||||||
labels: ["enhancement", "needs triage"]
|
labels: ["enhancement", "needs triage", "community"]
|
||||||
title: ''
|
title: ''
|
||||||
assignees: ''
|
assignees: ''
|
||||||
---
|
---
|
||||||
@@ -193,7 +193,7 @@ runs:
|
|||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
helm uninstall ${{ inputs.arc-name }} --namespace ${{inputs.arc-namespace}} --debug
|
helm uninstall ${{ inputs.arc-name }} --namespace ${{inputs.arc-namespace}} --debug
|
||||||
kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n ${{inputs.arc-name}} -l app.kubernetes.io/instance=${{ inputs.arc-name }}
|
kubectl wait --timeout=30s --for=delete AutoScalingRunnerSet -n ${{inputs.arc-namespace}} -l app.kubernetes.io/instance=${{ inputs.arc-name }}
|
||||||
|
|
||||||
- name: Gather logs and cleanup
|
- name: Gather logs and cleanup
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|||||||
2
.github/workflows/arc-publish-chart.yaml
vendored
2
.github/workflows/arc-publish-chart.yaml
vendored
@@ -63,7 +63,7 @@ jobs:
|
|||||||
python-version: '3.11'
|
python-version: '3.11'
|
||||||
|
|
||||||
- name: Set up chart-testing
|
- name: Set up chart-testing
|
||||||
uses: helm/chart-testing-action@v2.3.1
|
uses: helm/chart-testing-action@v2.6.0
|
||||||
|
|
||||||
- name: Run chart-testing (list-changed)
|
- name: Run chart-testing (list-changed)
|
||||||
id: list-changed
|
id: list-changed
|
||||||
|
|||||||
2
.github/workflows/arc-release-runners.yaml
vendored
2
.github/workflows/arc-release-runners.yaml
vendored
@@ -17,7 +17,7 @@ env:
|
|||||||
PUSH_TO_REGISTRIES: true
|
PUSH_TO_REGISTRIES: true
|
||||||
TARGET_ORG: actions-runner-controller
|
TARGET_ORG: actions-runner-controller
|
||||||
TARGET_WORKFLOW: release-runners.yaml
|
TARGET_WORKFLOW: release-runners.yaml
|
||||||
DOCKER_VERSION: 20.10.23
|
DOCKER_VERSION: 24.0.7
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}
|
group: ${{ github.workflow }}
|
||||||
|
|||||||
6
.github/workflows/arc-validate-chart.yaml
vendored
6
.github/workflows/arc-validate-chart.yaml
vendored
@@ -28,7 +28,7 @@ permissions:
|
|||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# This will make sure we only apply the concurrency limits on pull requests
|
# This will make sure we only apply the concurrency limits on pull requests
|
||||||
# but not pushes to master branch by making the concurrency group name unique
|
# but not pushes to master branch by making the concurrency group name unique
|
||||||
# for pushes
|
# for pushes
|
||||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
@@ -69,10 +69,10 @@ jobs:
|
|||||||
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
||||||
- uses: actions/setup-python@v4
|
- uses: actions/setup-python@v4
|
||||||
with:
|
with:
|
||||||
python-version: '3.7'
|
python-version: '3.11'
|
||||||
|
|
||||||
- name: Set up chart-testing
|
- name: Set up chart-testing
|
||||||
uses: helm/chart-testing-action@v2.4.0
|
uses: helm/chart-testing-action@v2.6.0
|
||||||
|
|
||||||
- name: Run chart-testing (list-changed)
|
- name: Run chart-testing (list-changed)
|
||||||
id: list-changed
|
id: list-changed
|
||||||
|
|||||||
97
.github/workflows/gha-e2e-tests.yaml
vendored
97
.github/workflows/gha-e2e-tests.yaml
vendored
@@ -16,7 +16,7 @@ env:
|
|||||||
TARGET_ORG: actions-runner-controller
|
TARGET_ORG: actions-runner-controller
|
||||||
TARGET_REPO: arc_e2e_test_dummy
|
TARGET_REPO: arc_e2e_test_dummy
|
||||||
IMAGE_NAME: "arc-test-image"
|
IMAGE_NAME: "arc-test-image"
|
||||||
IMAGE_VERSION: "0.6.1"
|
IMAGE_VERSION: "0.8.3"
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# This will make sure we only apply the concurrency limits on pull requests
|
# This will make sure we only apply the concurrency limits on pull requests
|
||||||
@@ -880,3 +880,98 @@ jobs:
|
|||||||
helm uninstall "${{ steps.install_arc.outputs.ARC_NAME }}" --namespace "arc-runners" --debug
|
helm uninstall "${{ steps.install_arc.outputs.ARC_NAME }}" --namespace "arc-runners" --debug
|
||||||
kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${{ steps.install_arc.outputs.ARC_NAME }}" -l app.kubernetes.io/instance="${{ steps.install_arc.outputs.ARC_NAME }}"
|
kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${{ steps.install_arc.outputs.ARC_NAME }}" -l app.kubernetes.io/instance="${{ steps.install_arc.outputs.ARC_NAME }}"
|
||||||
kubectl logs deployment/arc-gha-rs-controller -n "arc-systems"
|
kubectl logs deployment/arc-gha-rs-controller -n "arc-systems"
|
||||||
|
|
||||||
|
init-with-min-runners:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 20
|
||||||
|
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id
|
||||||
|
env:
|
||||||
|
WORKFLOW_FILE: arc-test-workflow.yaml
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
ref: ${{ github.head_ref }}
|
||||||
|
|
||||||
|
- uses: ./.github/actions/setup-arc-e2e
|
||||||
|
id: setup
|
||||||
|
with:
|
||||||
|
app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}}
|
||||||
|
app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}}
|
||||||
|
image-name: ${{env.IMAGE_NAME}}
|
||||||
|
image-tag: ${{env.IMAGE_VERSION}}
|
||||||
|
target-org: ${{env.TARGET_ORG}}
|
||||||
|
|
||||||
|
- name: Install gha-runner-scale-set-controller
|
||||||
|
id: install_arc_controller
|
||||||
|
run: |
|
||||||
|
helm install arc \
|
||||||
|
--namespace "arc-systems" \
|
||||||
|
--create-namespace \
|
||||||
|
--set image.repository=${{ env.IMAGE_NAME }} \
|
||||||
|
--set image.tag=${{ env.IMAGE_VERSION }} \
|
||||||
|
--set flags.updateStrategy="eventual" \
|
||||||
|
./charts/gha-runner-scale-set-controller \
|
||||||
|
--debug
|
||||||
|
count=0
|
||||||
|
while true; do
|
||||||
|
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
|
||||||
|
if [ -n "$POD_NAME" ]; then
|
||||||
|
echo "Pod found: $POD_NAME"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if [ "$count" -ge 60 ]; then
|
||||||
|
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
count=$((count+1))
|
||||||
|
done
|
||||||
|
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
|
||||||
|
kubectl get pod -n arc-systems
|
||||||
|
kubectl describe deployment arc-gha-rs-controller -n arc-systems
|
||||||
|
|
||||||
|
- name: Install gha-runner-scale-set
|
||||||
|
id: install_arc
|
||||||
|
run: |
|
||||||
|
ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1))
|
||||||
|
helm install "$ARC_NAME" \
|
||||||
|
--namespace "arc-runners" \
|
||||||
|
--create-namespace \
|
||||||
|
--set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \
|
||||||
|
--set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \
|
||||||
|
--set minRunners=5 \
|
||||||
|
./charts/gha-runner-scale-set \
|
||||||
|
--debug
|
||||||
|
echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT
|
||||||
|
count=0
|
||||||
|
while true; do
|
||||||
|
POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name)
|
||||||
|
if [ -n "$POD_NAME" ]; then
|
||||||
|
echo "Pod found: $POD_NAME"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if [ "$count" -ge 60 ]; then
|
||||||
|
echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
count=$((count+1))
|
||||||
|
done
|
||||||
|
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME
|
||||||
|
kubectl get pod -n arc-systems
|
||||||
|
- name: Ensure 5 runners are up
|
||||||
|
run: |
|
||||||
|
count=0
|
||||||
|
while true; do
|
||||||
|
pod_count=$(kubectl get pods -n arc-runners --no-headers | wc -l)
|
||||||
|
if [[ "$pod_count" = 5 ]]; then
|
||||||
|
echo "5 pods are up!"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if [[ "$count" -ge 12 ]]; then
|
||||||
|
echo "Timeout waiting for 5 pods to be created"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
count=$((count+1))
|
||||||
|
done
|
||||||
|
|||||||
6
.github/workflows/gha-validate-chart.yaml
vendored
6
.github/workflows/gha-validate-chart.yaml
vendored
@@ -24,7 +24,7 @@ permissions:
|
|||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# This will make sure we only apply the concurrency limits on pull requests
|
# This will make sure we only apply the concurrency limits on pull requests
|
||||||
# but not pushes to master branch by making the concurrency group name unique
|
# but not pushes to master branch by making the concurrency group name unique
|
||||||
# for pushes
|
# for pushes
|
||||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
@@ -65,10 +65,10 @@ jobs:
|
|||||||
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
||||||
- uses: actions/setup-python@v4
|
- uses: actions/setup-python@v4
|
||||||
with:
|
with:
|
||||||
python-version: '3.7'
|
python-version: '3.11'
|
||||||
|
|
||||||
- name: Set up chart-testing
|
- name: Set up chart-testing
|
||||||
uses: helm/chart-testing-action@v2.4.0
|
uses: helm/chart-testing-action@v2.6.0
|
||||||
|
|
||||||
- name: Run chart-testing (list-changed)
|
- name: Run chart-testing (list-changed)
|
||||||
id: list-changed
|
id: list-changed
|
||||||
|
|||||||
9
.github/workflows/global-run-codeql.yaml
vendored
9
.github/workflows/global-run-codeql.yaml
vendored
@@ -2,7 +2,7 @@ name: Run CodeQL
|
|||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- master
|
- master
|
||||||
pull_request:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
@@ -11,7 +11,7 @@ on:
|
|||||||
- cron: '30 1 * * 0'
|
- cron: '30 1 * * 0'
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
# This will make sure we only apply the concurrency limits on pull requests
|
# This will make sure we only apply the concurrency limits on pull requests
|
||||||
# but not pushes to master branch by making the concurrency group name unique
|
# but not pushes to master branch by making the concurrency group name unique
|
||||||
# for pushes
|
# for pushes
|
||||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
@@ -27,6 +27,11 @@ jobs:
|
|||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Install Go
|
||||||
|
uses: actions/setup-go@v4
|
||||||
|
with:
|
||||||
|
go-version-file: go.mod
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v2
|
uses: github/codeql-action/init@v2
|
||||||
with:
|
with:
|
||||||
|
|||||||
2
.github/workflows/go.yaml
vendored
2
.github/workflows/go.yaml
vendored
@@ -51,7 +51,7 @@ jobs:
|
|||||||
uses: golangci/golangci-lint-action@v3
|
uses: golangci/golangci-lint-action@v3
|
||||||
with:
|
with:
|
||||||
only-new-issues: true
|
only-new-issues: true
|
||||||
version: v1.51.1
|
version: v1.55.2
|
||||||
|
|
||||||
generate:
|
generate:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|||||||
@@ -1,2 +1,2 @@
|
|||||||
# actions-runner-controller maintainers
|
# actions-runner-controller maintainers
|
||||||
* @mumoshu @toast-gear @actions/actions-runtime @nikola-jokic
|
* @mumoshu @toast-gear @actions/actions-launch @nikola-jokic
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ To make your development cycle faster, use the below command to update deploy an
|
|||||||
# Makefile
|
# Makefile
|
||||||
VERSION=controller1 \
|
VERSION=controller1 \
|
||||||
RUNNER_TAG=runner1 \
|
RUNNER_TAG=runner1 \
|
||||||
make acceptance/pull acceptance/kind docker-build acceptance/load acceptance/deploy
|
make acceptance/pull acceptance/kind docker-buildx acceptance/load acceptance/deploy
|
||||||
```
|
```
|
||||||
|
|
||||||
If you've already deployed actions-runner-controller and only want to recreate pods to use the newer image, you can run:
|
If you've already deployed actions-runner-controller and only want to recreate pods to use the newer image, you can run:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
# Build the manager binary
|
# Build the manager binary
|
||||||
FROM --platform=$BUILDPLATFORM golang:1.20.7 as builder
|
FROM --platform=$BUILDPLATFORM golang:1.21.3 as builder
|
||||||
|
|
||||||
WORKDIR /workspace
|
WORKDIR /workspace
|
||||||
|
|
||||||
@@ -38,6 +38,7 @@ RUN --mount=target=. \
|
|||||||
export GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT#v} && \
|
export GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT#v} && \
|
||||||
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/manager main.go && \
|
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/manager main.go && \
|
||||||
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/github-runnerscaleset-listener ./cmd/githubrunnerscalesetlistener && \
|
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/github-runnerscaleset-listener ./cmd/githubrunnerscalesetlistener && \
|
||||||
|
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/ghalistener ./cmd/ghalistener && \
|
||||||
go build -trimpath -ldflags="-s -w" -o /out/github-webhook-server ./cmd/githubwebhookserver && \
|
go build -trimpath -ldflags="-s -w" -o /out/github-webhook-server ./cmd/githubwebhookserver && \
|
||||||
go build -trimpath -ldflags="-s -w" -o /out/actions-metrics-server ./cmd/actionsmetricsserver && \
|
go build -trimpath -ldflags="-s -w" -o /out/actions-metrics-server ./cmd/actionsmetricsserver && \
|
||||||
go build -trimpath -ldflags="-s -w" -o /out/sleep ./cmd/sleep
|
go build -trimpath -ldflags="-s -w" -o /out/sleep ./cmd/sleep
|
||||||
@@ -52,6 +53,7 @@ COPY --from=builder /out/manager .
|
|||||||
COPY --from=builder /out/github-webhook-server .
|
COPY --from=builder /out/github-webhook-server .
|
||||||
COPY --from=builder /out/actions-metrics-server .
|
COPY --from=builder /out/actions-metrics-server .
|
||||||
COPY --from=builder /out/github-runnerscaleset-listener .
|
COPY --from=builder /out/github-runnerscaleset-listener .
|
||||||
|
COPY --from=builder /out/ghalistener .
|
||||||
COPY --from=builder /out/sleep .
|
COPY --from=builder /out/sleep .
|
||||||
|
|
||||||
USER 65532:65532
|
USER 65532:65532
|
||||||
|
|||||||
6
Makefile
6
Makefile
@@ -6,7 +6,7 @@ endif
|
|||||||
DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1)
|
DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1)
|
||||||
VERSION ?= dev
|
VERSION ?= dev
|
||||||
COMMIT_SHA = $(shell git rev-parse HEAD)
|
COMMIT_SHA = $(shell git rev-parse HEAD)
|
||||||
RUNNER_VERSION ?= 2.309.0
|
RUNNER_VERSION ?= 2.313.0
|
||||||
TARGETPLATFORM ?= $(shell arch)
|
TARGETPLATFORM ?= $(shell arch)
|
||||||
RUNNER_NAME ?= ${DOCKER_USER}/actions-runner
|
RUNNER_NAME ?= ${DOCKER_USER}/actions-runner
|
||||||
RUNNER_TAG ?= ${VERSION}
|
RUNNER_TAG ?= ${VERSION}
|
||||||
@@ -68,7 +68,7 @@ endif
|
|||||||
all: manager
|
all: manager
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.54.2 golangci-lint run
|
docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.55.2 golangci-lint run
|
||||||
|
|
||||||
GO_TEST_ARGS ?= -short
|
GO_TEST_ARGS ?= -short
|
||||||
|
|
||||||
@@ -320,7 +320,7 @@ ifeq (, $(wildcard $(GOBIN)/controller-gen))
|
|||||||
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
|
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
|
||||||
cd $$CONTROLLER_GEN_TMP_DIR ;\
|
cd $$CONTROLLER_GEN_TMP_DIR ;\
|
||||||
go mod init tmp ;\
|
go mod init tmp ;\
|
||||||
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.3 ;\
|
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.13.0 ;\
|
||||||
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
|
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
|
||||||
}
|
}
|
||||||
endif
|
endif
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
//go:build !ignore_autogenerated
|
//go:build !ignore_autogenerated
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Copyright 2020 The actions-runner-controller authors.
|
Copyright 2020 The actions-runner-controller authors.
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ import (
|
|||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
|
||||||
)
|
)
|
||||||
|
|
||||||
// log is for logging in this package.
|
// log is for logging in this package.
|
||||||
@@ -48,20 +49,20 @@ func (r *Runner) Default() {
|
|||||||
var _ webhook.Validator = &Runner{}
|
var _ webhook.Validator = &Runner{}
|
||||||
|
|
||||||
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *Runner) ValidateCreate() error {
|
func (r *Runner) ValidateCreate() (admission.Warnings, error) {
|
||||||
runnerLog.Info("validate resource to be created", "name", r.Name)
|
runnerLog.Info("validate resource to be created", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *Runner) ValidateUpdate(old runtime.Object) error {
|
func (r *Runner) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
|
||||||
runnerLog.Info("validate resource to be updated", "name", r.Name)
|
runnerLog.Info("validate resource to be updated", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *Runner) ValidateDelete() error {
|
func (r *Runner) ValidateDelete() (admission.Warnings, error) {
|
||||||
return nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate validates resource spec.
|
// Validate validates resource spec.
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ import (
|
|||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
|
||||||
)
|
)
|
||||||
|
|
||||||
// log is for logging in this package.
|
// log is for logging in this package.
|
||||||
@@ -48,20 +49,20 @@ func (r *RunnerDeployment) Default() {
|
|||||||
var _ webhook.Validator = &RunnerDeployment{}
|
var _ webhook.Validator = &RunnerDeployment{}
|
||||||
|
|
||||||
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerDeployment) ValidateCreate() error {
|
func (r *RunnerDeployment) ValidateCreate() (admission.Warnings, error) {
|
||||||
runnerDeploymentLog.Info("validate resource to be created", "name", r.Name)
|
runnerDeploymentLog.Info("validate resource to be created", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerDeployment) ValidateUpdate(old runtime.Object) error {
|
func (r *RunnerDeployment) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
|
||||||
runnerDeploymentLog.Info("validate resource to be updated", "name", r.Name)
|
runnerDeploymentLog.Info("validate resource to be updated", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerDeployment) ValidateDelete() error {
|
func (r *RunnerDeployment) ValidateDelete() (admission.Warnings, error) {
|
||||||
return nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate validates resource spec.
|
// Validate validates resource spec.
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ import (
|
|||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
|
||||||
)
|
)
|
||||||
|
|
||||||
// log is for logging in this package.
|
// log is for logging in this package.
|
||||||
@@ -48,20 +49,20 @@ func (r *RunnerReplicaSet) Default() {
|
|||||||
var _ webhook.Validator = &RunnerReplicaSet{}
|
var _ webhook.Validator = &RunnerReplicaSet{}
|
||||||
|
|
||||||
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerReplicaSet) ValidateCreate() error {
|
func (r *RunnerReplicaSet) ValidateCreate() (admission.Warnings, error) {
|
||||||
runnerReplicaSetLog.Info("validate resource to be created", "name", r.Name)
|
runnerReplicaSetLog.Info("validate resource to be created", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerReplicaSet) ValidateUpdate(old runtime.Object) error {
|
func (r *RunnerReplicaSet) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
|
||||||
runnerReplicaSetLog.Info("validate resource to be updated", "name", r.Name)
|
runnerReplicaSetLog.Info("validate resource to be updated", "name", r.Name)
|
||||||
return r.Validate()
|
return nil, r.Validate()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
|
||||||
func (r *RunnerReplicaSet) ValidateDelete() error {
|
func (r *RunnerReplicaSet) ValidateDelete() (admission.Warnings, error) {
|
||||||
return nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate validates resource spec.
|
// Validate validates resource spec.
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
//go:build !ignore_autogenerated
|
//go:build !ignore_autogenerated
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Copyright 2020 The actions-runner-controller authors.
|
Copyright 2020 The actions-runner-controller authors.
|
||||||
|
|||||||
@@ -15,10 +15,10 @@ type: application
|
|||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 0.23.5
|
version: 0.23.7
|
||||||
|
|
||||||
# Used as the default manager tag value when no tag property is provided in the values.yaml
|
# Used as the default manager tag value when no tag property is provided in the values.yaml
|
||||||
appVersion: 0.27.5
|
appVersion: 0.27.6
|
||||||
|
|
||||||
home: https://github.com/actions/actions-runner-controller
|
home: https://github.com/actions/actions-runner-controller
|
||||||
|
|
||||||
|
|||||||
@@ -8,154 +8,156 @@ All additional docs are kept in the `docs/` folder, this README is solely for do
|
|||||||
|
|
||||||
> _Default values are the defaults set in the charts `values.yaml`, some properties have default configurations in the code for when the property is omitted or invalid_
|
> _Default values are the defaults set in the charts `values.yaml`, some properties have default configurations in the code for when the property is omitted or invalid_
|
||||||
|
|
||||||
| Key | Description | Default |
|
| Key | Description | Default |
|
||||||
|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
|
|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
|
||||||
| `labels` | Set labels to apply to all resources in the chart | |
|
| `labels` | Set labels to apply to all resources in the chart | |
|
||||||
| `replicaCount` | Set the number of controller pods | 1 |
|
| `replicaCount` | Set the number of controller pods | 1 |
|
||||||
| `webhookPort` | Set the containerPort for the webhook Pod | 9443 |
|
| `webhookPort` | Set the containerPort for the webhook Pod | 9443 |
|
||||||
| `syncPeriod` | Set the period in which the controller reconciles the desired runners count | 1m |
|
| `syncPeriod` | Set the period in which the controller reconciles the desired runners count | 1m |
|
||||||
| `enableLeaderElection` | Enable election configuration | true |
|
| `enableLeaderElection` | Enable election configuration | true |
|
||||||
| `leaderElectionId` | Set the election ID for the controller group | |
|
| `leaderElectionId` | Set the election ID for the controller group | |
|
||||||
| `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | |
|
| `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | |
|
||||||
| `githubURL` | Override GitHub URL to be used for GitHub API calls | |
|
| `githubURL` | Override GitHub URL to be used for GitHub API calls | |
|
||||||
| `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | |
|
| `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | |
|
||||||
| `runnerGithubURL` | Override GitHub URL to be used by runners during registration | |
|
| `runnerGithubURL` | Override GitHub URL to be used by runners during registration | |
|
||||||
| `logLevel` | Set the log level of the controller container | |
|
| `logLevel` | Set the log level of the controller container | |
|
||||||
| `logFormat` | Set the log format of the controller. Valid options are "text" and "json" | text |
|
| `logFormat` | Set the log format of the controller. Valid options are "text" and "json" | text |
|
||||||
| `additionalVolumes` | Set additional volumes to add to the manager container | |
|
| `additionalVolumes` | Set additional volumes to add to the manager container | |
|
||||||
| `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | |
|
| `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | |
|
||||||
| `authSecret.create` | Deploy the controller auth secret | false |
|
| `authSecret.create` | Deploy the controller auth secret | false |
|
||||||
| `authSecret.name` | Set the name of the auth secret | controller-manager |
|
| `authSecret.name` | Set the name of the auth secret | controller-manager |
|
||||||
| `authSecret.annotations` | Set annotations for the auth Secret | |
|
| `authSecret.annotations` | Set annotations for the auth Secret | |
|
||||||
| `authSecret.github_app_id` | The ID of your GitHub App. **This can't be set at the same time as `authSecret.github_token`** | |
|
| `authSecret.github_app_id` | The ID of your GitHub App. **This can't be set at the same time as `authSecret.github_token`** | |
|
||||||
| `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | |
|
| `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | |
|
||||||
| `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** | |
|
| `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** | |
|
||||||
| `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | |
|
| `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | |
|
||||||
| `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
|
| `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
|
||||||
| `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
|
| `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
|
||||||
| `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | |
|
| `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | |
|
||||||
| `hostNetwork` | The "hostNetwork" of the controller container | false |
|
| `hostNetwork` | The "hostNetwork" of the controller container | false |
|
||||||
| `dnsPolicy` | The "dnsPolicy" of the controller container | ClusterFirst |
|
| `dnsPolicy` | The "dnsPolicy" of the controller container | ClusterFirst |
|
||||||
| `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller |
|
| `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller |
|
||||||
| `image.tag` | The tag of the controller container | |
|
| `image.tag` | The tag of the controller container | |
|
||||||
| `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest |
|
| `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest |
|
||||||
| `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | |
|
| `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | |
|
||||||
| `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind |
|
| `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind |
|
||||||
| `image.pullPolicy` | The pull policy of the controller image | IfNotPresent |
|
| `image.pullPolicy` | The pull policy of the controller image | IfNotPresent |
|
||||||
| `metrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
|
| `metrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
|
||||||
| `metrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
|
| `metrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
|
||||||
| `metrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
|
| `metrics.serviceMonitor.namespace | Namespace which Prometheus is running in | `Release.Namespace` (the default namespace of the helm chart). |
|
||||||
| `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | |
|
| `metrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
|
||||||
| `metrics.port` | Set port of metrics service | 8443 |
|
| `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | |
|
||||||
| `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
|
| `metrics.port` | Set port of metrics service | 8443 |
|
||||||
| `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
|
| `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
|
||||||
| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |
|
| `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
|
||||||
| `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | |
|
| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |
|
||||||
| `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | |
|
| `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | |
|
||||||
| `fullnameOverride` | Override the full resource names | |
|
| `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | |
|
||||||
| `nameOverride` | Override the resource name prefix | |
|
| `fullnameOverride` | Override the full resource names | |
|
||||||
| `serviceAccount.annotations` | Set annotations to the service account | |
|
| `nameOverride` | Override the resource name prefix | |
|
||||||
| `serviceAccount.create` | Deploy the controller pod under a service account | true |
|
| `serviceAccount.annotations` | Set annotations to the service account | |
|
||||||
| `podAnnotations` | Set annotations for the controller pod | |
|
| `serviceAccount.create` | Deploy the controller pod under a service account | true |
|
||||||
| `podLabels` | Set labels for the controller pod | |
|
| `podAnnotations` | Set annotations for the controller pod | |
|
||||||
| `serviceAccount.name` | Set the name of the service account | |
|
| `podLabels` | Set labels for the controller pod | |
|
||||||
| `securityContext` | Set the security context for each container in the controller pod | |
|
| `serviceAccount.name` | Set the name of the service account | |
|
||||||
| `podSecurityContext` | Set the security context to controller pod | |
|
| `securityContext` | Set the security context for each container in the controller pod | |
|
||||||
| `service.annotations` | Set annotations for the provisioned webhook service resource | |
|
| `podSecurityContext` | Set the security context to controller pod | |
|
||||||
| `service.port` | Set controller service ports | |
|
| `service.annotations` | Set annotations for the provisioned webhook service resource | |
|
||||||
| `service.type` | Set controller service type | |
|
| `service.port` | Set controller service ports | |
|
||||||
| `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | |
|
| `service.type` | Set controller service type | |
|
||||||
| `nodeSelector` | Set the controller pod nodeSelector | |
|
| `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | |
|
||||||
| `resources` | Set the controller pod resources | |
|
| `nodeSelector` | Set the controller pod nodeSelector | |
|
||||||
| `affinity` | Set the controller pod affinity rules | |
|
| `resources` | Set the controller pod resources | |
|
||||||
| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false |
|
| `affinity` | Set the controller pod affinity rules | |
|
||||||
| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
|
| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false |
|
||||||
| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
|
| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
|
||||||
| `tolerations` | Set the controller pod tolerations | |
|
| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
|
||||||
| `env` | Set environment variables for the controller container | |
|
| `tolerations` | Set the controller pod tolerations | |
|
||||||
| `priorityClassName` | Set the controller pod priorityClassName | |
|
| `env` | Set environment variables for the controller container | |
|
||||||
| `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). |
|
| `priorityClassName` | Set the controller pod priorityClassName | |
|
||||||
| `scope.singleNamespace` | Limit the controller to watch a single namespace | false |
|
| `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). |
|
||||||
| `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true |
|
| `scope.singleNamespace` | Limit the controller to watch a single namespace | false |
|
||||||
| `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false |
|
| `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true |
|
||||||
| `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | |
|
| `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false |
|
||||||
| `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | |
|
| `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | |
|
||||||
| `githubWebhookServer.logFormat` | Set the log format of the githubWebhookServer controller. Valid options are "text" and "json" | text |
|
| `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | |
|
||||||
| `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 |
|
| `githubWebhookServer.logFormat` | Set the log format of the githubWebhookServer controller. Valid options are "text" and "json" | text |
|
||||||
| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false |
|
| `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 |
|
||||||
| `githubWebhookServer.enabled` | Deploy the webhook server pod | false |
|
| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false |
|
||||||
| `githubWebhookServer.queueLimit` | Set the queue size limit in the githubWebhookServer | |
|
| `githubWebhookServer.enabled` | Deploy the webhook server pod | false |
|
||||||
| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false |
|
| `githubWebhookServer.queueLimit` | Set the queue size limit in the githubWebhookServer | |
|
||||||
| `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false |
|
| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false |
|
||||||
| `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server |
|
| `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false |
|
||||||
| `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
|
| `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server |
|
||||||
| `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | |
|
| `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
|
||||||
| `githubWebhookServer.nameOverride` | Override the resource name prefix | |
|
| `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | |
|
||||||
| `githubWebhookServer.fullnameOverride` | Override the full resource names | |
|
| `githubWebhookServer.nameOverride` | Override the resource name prefix | |
|
||||||
| `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true |
|
| `githubWebhookServer.fullnameOverride` | Override the full resource names | |
|
||||||
| `githubWebhookServer.serviceAccount.annotations` | Set annotations for the service account | |
|
| `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true |
|
||||||
| `githubWebhookServer.serviceAccount.name` | Set the service account name | |
|
| `githubWebhookServer.serviceAccount.annotations` | Set annotations for the service account | |
|
||||||
| `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | |
|
| `githubWebhookServer.serviceAccount.name` | Set the service account name | |
|
||||||
| `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | |
|
| `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | |
|
||||||
| `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | |
|
| `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | |
|
||||||
| `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | |
|
| `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | |
|
||||||
| `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | |
|
| `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | |
|
||||||
| `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | |
|
| `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | |
|
||||||
| `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | |
|
| `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | |
|
||||||
| `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | |
|
| `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | |
|
||||||
| `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | |
|
| `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | |
|
||||||
| `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | |
|
| `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | |
|
||||||
| `githubWebhookServer.terminationGracePeriodSeconds` | Set the githubWebhookServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
|
| `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | |
|
||||||
| `githubWebhookServer.lifecycle` | Set the githubWebhookServer pod lifecycle hooks | `{}` |
|
| `githubWebhookServer.terminationGracePeriodSeconds` | Set the githubWebhookServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
|
||||||
| `githubWebhookServer.service.type` | Set githubWebhookServer service type | |
|
| `githubWebhookServer.lifecycle` | Set the githubWebhookServer pod lifecycle hooks | `{}` |
|
||||||
| `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
|
| `githubWebhookServer.service.type` | Set githubWebhookServer service type | |
|
||||||
| `githubWebhookServer.service.loadBalancerSourceRanges` | Set githubWebhookServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
|
| `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
|
||||||
| `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false |
|
| `githubWebhookServer.service.loadBalancerSourceRanges` | Set githubWebhookServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
|
||||||
| `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | |
|
| `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false |
|
||||||
| `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
|
| `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | |
|
||||||
| `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | |
|
| `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
|
||||||
| `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | |
|
| `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | |
|
||||||
| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false |
|
| `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | |
|
||||||
| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
|
| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false |
|
||||||
| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
|
| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
|
||||||
| `actionsMetricsServer.logLevel` | Set the log level of the actionsMetricsServer container | |
|
| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
|
||||||
| `actionsMetricsServer.logFormat` | Set the log format of the actionsMetricsServer controller. Valid options are "text" and "json" | text |
|
| `actionsMetricsServer.logLevel` | Set the log level of the actionsMetricsServer container | |
|
||||||
| `actionsMetricsServer.enabled` | Deploy the actions metrics server pod | false |
|
| `actionsMetricsServer.logFormat` | Set the log format of the actionsMetricsServer controller. Valid options are "text" and "json" | text |
|
||||||
|
| `actionsMetricsServer.enabled` | Deploy the actions metrics server pod | false |
|
||||||
| `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the actions-metrics-server | false |
|
| `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the actions-metrics-server | false |
|
||||||
| `actionsMetricsServer.secret.create` | Deploy the webhook hook secret | false |
|
| `actionsMetricsServer.secret.create` | Deploy the webhook hook secret | false |
|
||||||
| `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | actions-metrics-server |
|
| `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | actions-metrics-server |
|
||||||
| `actionsMetricsServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
|
| `actionsMetricsServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
|
||||||
| `actionsMetricsServer.imagePullSecrets` | Specifies the secret to be used when pulling the actionsMetricsServer pod containers | |
|
| `actionsMetricsServer.imagePullSecrets` | Specifies the secret to be used when pulling the actionsMetricsServer pod containers | |
|
||||||
| `actionsMetricsServer.nameOverride` | Override the resource name prefix | |
|
| `actionsMetricsServer.nameOverride` | Override the resource name prefix | |
|
||||||
| `actionsMetricsServer.fullnameOverride` | Override the full resource names | |
|
| `actionsMetricsServer.fullnameOverride` | Override the full resource names | |
|
||||||
| `actionsMetricsServer.serviceAccount.create` | Deploy the actionsMetricsServer under a service account | true |
|
| `actionsMetricsServer.serviceAccount.create` | Deploy the actionsMetricsServer under a service account | true |
|
||||||
| `actionsMetricsServer.serviceAccount.annotations` | Set annotations for the service account | |
|
| `actionsMetricsServer.serviceAccount.annotations` | Set annotations for the service account | |
|
||||||
| `actionsMetricsServer.serviceAccount.name` | Set the service account name | |
|
| `actionsMetricsServer.serviceAccount.name` | Set the service account name | |
|
||||||
| `actionsMetricsServer.podAnnotations` | Set annotations for the actionsMetricsServer pod | |
|
| `actionsMetricsServer.podAnnotations` | Set annotations for the actionsMetricsServer pod | |
|
||||||
| `actionsMetricsServer.podLabels` | Set labels for the actionsMetricsServer pod | |
|
| `actionsMetricsServer.podLabels` | Set labels for the actionsMetricsServer pod | |
|
||||||
| `actionsMetricsServer.podSecurityContext` | Set the security context to actionsMetricsServer pod | |
|
| `actionsMetricsServer.podSecurityContext` | Set the security context to actionsMetricsServer pod | |
|
||||||
| `actionsMetricsServer.securityContext` | Set the security context for each container in the actionsMetricsServer pod | |
|
| `actionsMetricsServer.securityContext` | Set the security context for each container in the actionsMetricsServer pod | |
|
||||||
| `actionsMetricsServer.resources` | Set the actionsMetricsServer pod resources | |
|
| `actionsMetricsServer.resources` | Set the actionsMetricsServer pod resources | |
|
||||||
| `actionsMetricsServer.topologySpreadConstraints` | Set the actionsMetricsServer pod topologySpreadConstraints | |
|
| `actionsMetricsServer.topologySpreadConstraints` | Set the actionsMetricsServer pod topologySpreadConstraints | |
|
||||||
| `actionsMetricsServer.nodeSelector` | Set the actionsMetricsServer pod nodeSelector | |
|
| `actionsMetricsServer.nodeSelector` | Set the actionsMetricsServer pod nodeSelector | |
|
||||||
| `actionsMetricsServer.tolerations` | Set the actionsMetricsServer pod tolerations | |
|
| `actionsMetricsServer.tolerations` | Set the actionsMetricsServer pod tolerations | |
|
||||||
| `actionsMetricsServer.affinity` | Set the actionsMetricsServer pod affinity rules | |
|
| `actionsMetricsServer.affinity` | Set the actionsMetricsServer pod affinity rules | |
|
||||||
| `actionsMetricsServer.priorityClassName` | Set the actionsMetricsServer pod priorityClassName | |
|
| `actionsMetricsServer.priorityClassName` | Set the actionsMetricsServer pod priorityClassName | |
|
||||||
| `actionsMetricsServer.terminationGracePeriodSeconds` | Set the actionsMetricsServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
|
| `actionsMetricsServer.terminationGracePeriodSeconds` | Set the actionsMetricsServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
|
||||||
| `actionsMetricsServer.lifecycle` | Set the actionsMetricsServer pod lifecycle hooks | `{}` |
|
| `actionsMetricsServer.lifecycle` | Set the actionsMetricsServer pod lifecycle hooks | `{}` |
|
||||||
| `actionsMetricsServer.service.type` | Set actionsMetricsServer service type | |
|
| `actionsMetricsServer.service.type` | Set actionsMetricsServer service type | |
|
||||||
| `actionsMetricsServer.service.ports` | Set actionsMetricsServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
|
| `actionsMetricsServer.service.ports` | Set actionsMetricsServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
|
||||||
| `actionsMetricsServer.service.loadBalancerSourceRanges` | Set actionsMetricsServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
|
| `actionsMetricsServer.service.loadBalancerSourceRanges` | Set actionsMetricsServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
|
||||||
| `actionsMetricsServer.ingress.enabled` | Deploy an ingress kind for the actionsMetricsServer | false |
|
| `actionsMetricsServer.ingress.enabled` | Deploy an ingress kind for the actionsMetricsServer | false |
|
||||||
| `actionsMetricsServer.ingress.annotations` | Set annotations for the ingress kind | |
|
| `actionsMetricsServer.ingress.annotations` | Set annotations for the ingress kind | |
|
||||||
| `actionsMetricsServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
|
| `actionsMetricsServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
|
||||||
| `actionsMetricsServer.ingress.tls` | Set tls configuration for ingress | |
|
| `actionsMetricsServer.ingress.tls` | Set tls configuration for ingress | |
|
||||||
| `actionsMetricsServer.ingress.ingressClassName` | Set ingress class name | |
|
| `actionsMetricsServer.ingress.ingressClassName` | Set ingress class name | |
|
||||||
| `actionsMetrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
|
| `actionsMetrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
|
||||||
| `actionsMetrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
|
| `actionsMetrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
|
||||||
| `actionsMetrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
|
| `actionsMetrics.serviceMonitor.namespace` | Namespace which Prometheus is running in. | `Release.Namespace` (the default namespace of the helm chart). |
|
||||||
| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | |
|
| `actionsMetrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
|
||||||
| `actionsMetrics.port` | Set port of actions metrics service | 8443 |
|
| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | |
|
||||||
|
| `actionsMetrics.port` | Set port of actions metrics service | 8443 |
|
||||||
| `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
|
| `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
|
||||||
| `actionsMetrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
|
| `actionsMetrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
|
||||||
| `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |
|
| `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: horizontalrunnerautoscalers.actions.summerwind.dev
|
name: horizontalrunnerautoscalers.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnerdeployments.actions.summerwind.dev
|
name: runnerdeployments.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -767,7 +766,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -832,7 +831,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -891,7 +890,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -915,7 +914,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1027,7 +1026,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1051,7 +1050,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1112,11 +1111,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1143,9 +1159,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1226,7 +1245,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1250,7 +1269,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1274,7 +1293,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1557,7 +1576,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1584,7 +1603,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1873,7 +1892,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1938,7 +1957,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1997,7 +2016,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2021,7 +2040,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2133,7 +2152,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2157,7 +2176,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2218,11 +2237,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2249,9 +2285,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2332,7 +2371,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2356,7 +2395,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2380,7 +2419,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2714,7 +2753,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2779,7 +2818,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2838,7 +2877,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2862,7 +2901,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2974,7 +3013,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2998,7 +3037,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3059,11 +3098,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3090,9 +3146,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3173,7 +3232,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3197,7 +3256,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3221,7 +3280,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3368,7 +3427,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3395,7 +3454,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3442,7 +3501,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3482,7 +3541,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3654,7 +3713,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3719,7 +3778,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3778,7 +3837,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3802,7 +3861,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3914,7 +3973,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3938,7 +3997,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3999,11 +4058,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4030,9 +4106,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4113,7 +4192,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4137,7 +4216,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4161,7 +4240,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4349,7 +4428,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4663,7 +4742,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4741,7 +4820,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4768,7 +4847,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5391,7 +5470,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5418,7 +5497,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnerreplicasets.actions.summerwind.dev
|
name: runnerreplicasets.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -749,7 +748,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -814,7 +813,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -873,7 +872,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -897,7 +896,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1009,7 +1008,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1033,7 +1032,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1094,11 +1093,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1125,9 +1141,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1190,7 +1209,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1232,7 +1251,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1256,7 +1275,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1539,7 +1558,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1566,7 +1585,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1855,7 +1874,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1920,7 +1939,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1979,7 +1998,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2003,7 +2022,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2115,7 +2134,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2139,7 +2158,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2200,11 +2219,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2231,9 +2267,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2296,7 +2335,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2338,7 +2377,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2362,7 +2401,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2696,7 +2735,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2761,7 +2800,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2820,7 +2859,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2844,7 +2883,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2956,7 +2995,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2980,7 +3019,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3041,11 +3080,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3072,9 +3128,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3137,7 +3196,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3179,7 +3238,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3203,7 +3262,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3350,7 +3409,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3377,7 +3436,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3424,7 +3483,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3464,7 +3523,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3636,7 +3695,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3701,7 +3760,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3760,7 +3819,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3784,7 +3843,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3896,7 +3955,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3920,7 +3979,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3981,11 +4040,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4012,9 +4088,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4077,7 +4156,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4119,7 +4198,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4143,7 +4222,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4331,7 +4410,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4645,7 +4724,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4723,7 +4802,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4750,7 +4829,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5373,7 +5452,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5400,7 +5479,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runners.actions.summerwind.dev
|
name: runners.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -701,7 +700,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -766,7 +765,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -825,7 +824,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -849,7 +848,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -961,7 +960,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -985,7 +984,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1046,11 +1045,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1077,9 +1093,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1142,7 +1161,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1160,7 +1179,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1184,7 +1203,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1491,7 +1510,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1518,7 +1537,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1807,7 +1826,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1872,7 +1891,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1931,7 +1950,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1955,7 +1974,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2067,7 +2086,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2091,7 +2110,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2152,11 +2171,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2183,9 +2219,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2248,7 +2287,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2266,7 +2305,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2290,7 +2329,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2648,7 +2687,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2713,7 +2752,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2772,7 +2811,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2796,7 +2835,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2908,7 +2947,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2932,7 +2971,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2993,11 +3032,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3024,9 +3080,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3089,7 +3148,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3107,7 +3166,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3131,7 +3190,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3302,7 +3361,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3329,7 +3388,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3376,7 +3435,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3416,7 +3475,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3588,7 +3647,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3653,7 +3712,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3712,7 +3771,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3736,7 +3795,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3848,7 +3907,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3872,7 +3931,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3933,11 +3992,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3964,9 +4040,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4029,7 +4108,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4047,7 +4126,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4071,7 +4150,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4283,7 +4362,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4597,7 +4676,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4675,7 +4754,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4702,7 +4781,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5325,7 +5404,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5352,7 +5431,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnersets.actions.summerwind.dev
|
name: runnersets.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -97,7 +96,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
ordinals:
|
ordinals:
|
||||||
description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is alpha.
|
description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is beta.
|
||||||
properties:
|
properties:
|
||||||
start:
|
start:
|
||||||
description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).'
|
description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).'
|
||||||
@@ -168,7 +167,7 @@ spec:
|
|||||||
description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
|
description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
|
||||||
type: string
|
type: string
|
||||||
template:
|
template:
|
||||||
description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3".
|
description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". The only allowed template.spec.restartPolicy value is "Always".
|
||||||
properties:
|
properties:
|
||||||
metadata:
|
metadata:
|
||||||
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
|
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
|
||||||
@@ -836,7 +835,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -901,7 +900,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -960,7 +959,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -984,7 +983,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1096,7 +1095,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1120,7 +1119,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1181,11 +1180,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1212,9 +1228,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1277,7 +1296,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1295,7 +1314,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1319,7 +1338,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1343,7 +1362,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1666,7 +1685,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1731,7 +1750,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1790,7 +1809,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1814,7 +1833,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1926,7 +1945,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1950,7 +1969,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2011,11 +2030,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2042,9 +2078,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2107,7 +2146,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2125,7 +2164,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2149,7 +2188,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2173,7 +2212,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2508,7 +2547,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2573,7 +2612,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2632,7 +2671,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2656,7 +2695,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2768,7 +2807,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2792,7 +2831,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2853,11 +2892,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2884,9 +2940,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2949,7 +3008,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2967,7 +3026,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2991,7 +3050,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3015,7 +3074,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3206,7 +3265,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3217,7 +3276,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3226,7 +3285,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3281,7 +3340,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3321,7 +3380,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3407,7 +3466,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3691,7 +3750,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3769,7 +3828,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3796,7 +3855,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -4511,7 +4570,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4538,7 +4597,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -4590,6 +4649,13 @@ spec:
|
|||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
|
allocatedResourceStatuses:
|
||||||
|
additionalProperties:
|
||||||
|
description: When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it.
|
||||||
|
type: string
|
||||||
|
description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
|
||||||
|
type: object
|
||||||
|
x-kubernetes-map-type: granular
|
||||||
allocatedResources:
|
allocatedResources:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
anyOf:
|
anyOf:
|
||||||
@@ -4597,7 +4663,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
|
description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
|
||||||
type: object
|
type: object
|
||||||
capacity:
|
capacity:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
@@ -4611,7 +4677,7 @@ spec:
|
|||||||
conditions:
|
conditions:
|
||||||
description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
|
description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
|
||||||
items:
|
items:
|
||||||
description: PersistentVolumeClaimCondition contails details about state of pvc
|
description: PersistentVolumeClaimCondition contains details about state of pvc
|
||||||
properties:
|
properties:
|
||||||
lastProbeTime:
|
lastProbeTime:
|
||||||
description: lastProbeTime is the time we probed the condition.
|
description: lastProbeTime is the time we probed the condition.
|
||||||
@@ -4640,9 +4706,6 @@ spec:
|
|||||||
phase:
|
phase:
|
||||||
description: phase represents the current phase of PersistentVolumeClaim.
|
description: phase represents the current phase of PersistentVolumeClaim.
|
||||||
type: string
|
type: string
|
||||||
resizeStatus:
|
|
||||||
description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
|
|
||||||
type: string
|
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
@@ -4666,7 +4729,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4693,7 +4756,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
{{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }}
|
{{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }}
|
||||||
|
{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
@@ -8,7 +9,7 @@ metadata:
|
|||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ include "actions-runner-controller-actions-metrics-server.serviceMonitorName" . }}
|
name: {{ include "actions-runner-controller-actions-metrics-server.serviceMonitorName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ $servicemonitornamespace }}
|
||||||
spec:
|
spec:
|
||||||
endpoints:
|
endpoints:
|
||||||
- path: /metrics
|
- path: /metrics
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }}
|
{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }}
|
||||||
|
{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
metadata:
|
metadata:
|
||||||
@@ -8,7 +9,7 @@ metadata:
|
|||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }}
|
name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ $servicemonitornamespace }}
|
||||||
spec:
|
spec:
|
||||||
endpoints:
|
endpoints:
|
||||||
- path: /metrics
|
- path: /metrics
|
||||||
|
|||||||
@@ -111,6 +111,7 @@ metrics:
|
|||||||
serviceAnnotations: {}
|
serviceAnnotations: {}
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enable: false
|
enable: false
|
||||||
|
namespace: ""
|
||||||
timeout: 30s
|
timeout: 30s
|
||||||
interval: 1m
|
interval: 1m
|
||||||
serviceMonitorLabels: {}
|
serviceMonitorLabels: {}
|
||||||
@@ -312,6 +313,7 @@ actionsMetrics:
|
|||||||
# to deploy the actions-metrics-server whose k8s service is referenced by the service monitor.
|
# to deploy the actions-metrics-server whose k8s service is referenced by the service monitor.
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enable: false
|
enable: false
|
||||||
|
namespace: ""
|
||||||
timeout: 30s
|
timeout: 30s
|
||||||
interval: 1m
|
interval: 1m
|
||||||
serviceMonitorLabels: {}
|
serviceMonitorLabels: {}
|
||||||
|
|||||||
@@ -15,13 +15,13 @@ type: application
|
|||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 0.6.1
|
version: 0.8.3
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
# It is recommended to use it with quotes.
|
# It is recommended to use it with quotes.
|
||||||
appVersion: "0.6.1"
|
appVersion: "0.8.3"
|
||||||
|
|
||||||
home: https://github.com/actions/actions-runner-controller
|
home: https://github.com/actions/actions-runner-controller
|
||||||
|
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: autoscalinglisteners.actions.github.com
|
name: autoscalinglisteners.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -796,7 +795,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -861,7 +860,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -920,7 +919,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -944,7 +943,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1056,7 +1055,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1080,7 +1079,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1141,11 +1140,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1175,9 +1191,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1240,7 +1259,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1258,7 +1277,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1282,7 +1301,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1306,7 +1325,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1629,7 +1648,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1694,7 +1713,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1753,7 +1772,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1777,7 +1796,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1889,7 +1908,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1913,7 +1932,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1974,11 +1993,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2008,9 +2044,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2073,7 +2112,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2091,7 +2130,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2115,7 +2154,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2139,7 +2178,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2474,7 +2513,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2539,7 +2578,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2598,7 +2637,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2622,7 +2661,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2734,7 +2773,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2758,7 +2797,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2819,11 +2858,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2853,9 +2909,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2918,7 +2977,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2936,7 +2995,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2960,7 +3019,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2984,7 +3043,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3175,7 +3234,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3186,7 +3245,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3195,7 +3254,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3250,7 +3309,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3290,7 +3349,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3376,7 +3435,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3660,7 +3719,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3738,7 +3797,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3768,7 +3827,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: autoscalingrunnersets.actions.github.com
|
name: autoscalingrunnersets.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -754,7 +753,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -819,7 +818,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -878,7 +877,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -902,7 +901,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1014,7 +1013,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1038,7 +1037,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1099,11 +1098,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1133,9 +1149,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1198,7 +1217,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1216,7 +1235,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1240,7 +1259,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1264,7 +1283,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1587,7 +1606,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1652,7 +1671,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1711,7 +1730,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1735,7 +1754,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1847,7 +1866,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1871,7 +1890,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1932,11 +1951,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1966,9 +2002,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2031,7 +2070,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2049,7 +2088,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2073,7 +2112,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2097,7 +2136,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2432,7 +2471,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2497,7 +2536,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2556,7 +2595,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2580,7 +2619,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2692,7 +2731,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2716,7 +2755,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2777,11 +2816,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2811,9 +2867,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2876,7 +2935,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2894,7 +2953,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2918,7 +2977,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2942,7 +3001,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3133,7 +3192,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3144,7 +3203,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3153,7 +3212,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3208,7 +3267,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3248,7 +3307,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3334,7 +3393,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3618,7 +3677,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3696,7 +3755,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3726,7 +3785,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5043,7 +5102,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5108,7 +5167,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5167,7 +5226,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5191,7 +5250,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5303,7 +5362,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5327,7 +5386,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5388,11 +5447,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5419,9 +5495,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -5484,7 +5563,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -5502,7 +5581,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -5526,7 +5605,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5550,7 +5629,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5873,7 +5952,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5938,7 +6017,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5997,7 +6076,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6021,7 +6100,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6133,7 +6212,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6157,7 +6236,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6218,11 +6297,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -6249,9 +6345,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -6314,7 +6413,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -6332,7 +6431,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -6356,7 +6455,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6380,7 +6479,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6715,7 +6814,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6780,7 +6879,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6839,7 +6938,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6863,7 +6962,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6975,7 +7074,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6999,7 +7098,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -7060,11 +7159,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -7091,9 +7207,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -7156,7 +7275,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -7174,7 +7293,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -7198,7 +7317,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -7222,7 +7341,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -7413,7 +7532,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -7424,7 +7543,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -7433,7 +7552,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -7488,7 +7607,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -7528,7 +7647,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -7614,7 +7733,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -7898,7 +8017,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -7976,7 +8095,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -8003,7 +8122,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: ephemeralrunners.actions.github.com
|
name: ephemeralrunners.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -779,7 +778,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -844,7 +843,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -903,7 +902,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -927,7 +926,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1039,7 +1038,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1063,7 +1062,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1124,11 +1123,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1155,9 +1171,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1220,7 +1239,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1238,7 +1257,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1262,7 +1281,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1286,7 +1305,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1609,7 +1628,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1674,7 +1693,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1733,7 +1752,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1757,7 +1776,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1869,7 +1888,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1893,7 +1912,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1954,11 +1973,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1985,9 +2021,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2050,7 +2089,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2068,7 +2107,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2092,7 +2131,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2116,7 +2155,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2451,7 +2490,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2516,7 +2555,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2575,7 +2614,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2599,7 +2638,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2711,7 +2750,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2735,7 +2774,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2796,11 +2835,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2827,9 +2883,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2892,7 +2951,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2910,7 +2969,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2934,7 +2993,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2958,7 +3017,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3149,7 +3208,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3160,7 +3219,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3169,7 +3228,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3224,7 +3283,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3264,7 +3323,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3350,7 +3409,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3634,7 +3693,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3712,7 +3771,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3739,7 +3798,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: ephemeralrunnersets.actions.github.com
|
name: ephemeralrunnersets.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -773,7 +772,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -838,7 +837,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -897,7 +896,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -921,7 +920,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1033,7 +1032,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1057,7 +1056,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1118,11 +1117,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1149,9 +1165,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1214,7 +1233,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1232,7 +1251,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1256,7 +1275,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1280,7 +1299,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1603,7 +1622,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1668,7 +1687,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1727,7 +1746,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1751,7 +1770,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1863,7 +1882,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1887,7 +1906,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1948,11 +1967,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1979,9 +2015,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2044,7 +2083,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2062,7 +2101,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2086,7 +2125,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2110,7 +2149,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2445,7 +2484,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2510,7 +2549,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2569,7 +2608,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2593,7 +2632,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2705,7 +2744,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2729,7 +2768,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2790,11 +2829,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2821,9 +2877,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2886,7 +2945,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2904,7 +2963,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2928,7 +2987,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2952,7 +3011,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3143,7 +3202,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3154,7 +3213,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3163,7 +3222,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3218,7 +3277,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3258,7 +3317,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3344,7 +3403,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3628,7 +3687,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3706,7 +3765,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3733,7 +3792,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -2,4 +2,3 @@ Thank you for installing {{ .Chart.Name }}.
|
|||||||
|
|
||||||
Your release is named {{ .Release.Name }}.
|
Your release is named {{ .Release.Name }}.
|
||||||
|
|
||||||
WARNING: value specified under image.pullPolicy will be ignored and no longer be applied to the listener pod spec as of gha-runner-scale-set-0.7.0. Please use the listenerTemplate in the gha-runner-scale-set chart to control the image pull policy of the listener.
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|||||||
app.kubernetes.io/part-of: gha-rs-controller
|
app.kubernetes.io/part-of: gha-rs-controller
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{- range $k, $v := .Values.labels }}
|
{{- range $k, $v := .Values.labels }}
|
||||||
{{ $k }}: {{ $v }}
|
{{ $k }}: {{ $v | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
|||||||
@@ -94,8 +94,6 @@ spec:
|
|||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
- name: CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY
|
|
||||||
value: "{{ .Values.image.pullPolicy | default "IfNotPresent" }}"
|
|
||||||
{{- with .Values.env }}
|
{{- with .Values.env }}
|
||||||
{{- if kindIs "slice" . }}
|
{{- if kindIs "slice" . }}
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
@@ -112,10 +110,16 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /tmp
|
- mountPath: /tmp
|
||||||
name: tmp
|
name: tmp
|
||||||
|
{{- range .Values.volumeMounts }}
|
||||||
|
- {{ toYaml . | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
terminationGracePeriodSeconds: 10
|
terminationGracePeriodSeconds: 10
|
||||||
volumes:
|
volumes:
|
||||||
- name: tmp
|
- name: tmp
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
{{- range .Values.volumes }}
|
||||||
|
- {{ toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
|||||||
@@ -368,14 +368,12 @@ func TestTemplate_ControllerDeployment_Defaults(t *testing.T) {
|
|||||||
}
|
}
|
||||||
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3)
|
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 2)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
||||||
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
||||||
|
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
||||||
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
|
||||||
assert.Equal(t, "IfNotPresent", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
|
|
||||||
|
|
||||||
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
|
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
|
||||||
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
|
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
|
||||||
@@ -406,6 +404,8 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
SetValues: map[string]string{
|
SetValues: map[string]string{
|
||||||
"labels.foo": "bar",
|
"labels.foo": "bar",
|
||||||
"labels.github": "actions",
|
"labels.github": "actions",
|
||||||
|
"labels.team": "GitHub Team",
|
||||||
|
"labels.teamMail": "team@github.com",
|
||||||
"replicaCount": "1",
|
"replicaCount": "1",
|
||||||
"image.pullPolicy": "Always",
|
"image.pullPolicy": "Always",
|
||||||
"image.tag": "dev",
|
"image.tag": "dev",
|
||||||
@@ -424,10 +424,14 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
"tolerations[0].key": "foo",
|
"tolerations[0].key": "foo",
|
||||||
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key": "foo",
|
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key": "foo",
|
||||||
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator": "bar",
|
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator": "bar",
|
||||||
"priorityClassName": "test-priority-class",
|
"priorityClassName": "test-priority-class",
|
||||||
"flags.updateStrategy": "eventual",
|
"flags.updateStrategy": "eventual",
|
||||||
"flags.logLevel": "info",
|
"flags.logLevel": "info",
|
||||||
"flags.logFormat": "json",
|
"flags.logFormat": "json",
|
||||||
|
"volumes[0].name": "customMount",
|
||||||
|
"volumes[0].configMap.name": "my-configmap",
|
||||||
|
"volumeMounts[0].name": "customMount",
|
||||||
|
"volumeMounts[0].mountPath": "/my/mount/path",
|
||||||
},
|
},
|
||||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||||
}
|
}
|
||||||
@@ -447,6 +451,8 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/part-of"])
|
assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/part-of"])
|
||||||
assert.Equal(t, "bar", deployment.Labels["foo"])
|
assert.Equal(t, "bar", deployment.Labels["foo"])
|
||||||
assert.Equal(t, "actions", deployment.Labels["github"])
|
assert.Equal(t, "actions", deployment.Labels["github"])
|
||||||
|
assert.Equal(t, "GitHub Team", deployment.Labels["team"])
|
||||||
|
assert.Equal(t, "team@github.com", deployment.Labels["teamMail"])
|
||||||
|
|
||||||
assert.Equal(t, int32(1), *deployment.Spec.Replicas)
|
assert.Equal(t, int32(1), *deployment.Spec.Replicas)
|
||||||
|
|
||||||
@@ -459,8 +465,8 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
assert.Equal(t, "bar", deployment.Spec.Template.Annotations["foo"])
|
assert.Equal(t, "bar", deployment.Spec.Template.Annotations["foo"])
|
||||||
assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"])
|
assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"])
|
||||||
|
|
||||||
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
|
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
||||||
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value)
|
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 1)
|
assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 1)
|
||||||
assert.Equal(t, "dockerhub", deployment.Spec.Template.Spec.ImagePullSecrets[0].Name)
|
assert.Equal(t, "dockerhub", deployment.Spec.Template.Spec.ImagePullSecrets[0].Name)
|
||||||
@@ -468,9 +474,11 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.SecurityContext.FSGroup)
|
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.SecurityContext.FSGroup)
|
||||||
assert.Equal(t, "test-priority-class", deployment.Spec.Template.Spec.PriorityClassName)
|
assert.Equal(t, "test-priority-class", deployment.Spec.Template.Spec.PriorityClassName)
|
||||||
assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds)
|
assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds)
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Volumes, 1)
|
assert.Len(t, deployment.Spec.Template.Spec.Volumes, 2)
|
||||||
assert.Equal(t, "tmp", deployment.Spec.Template.Spec.Volumes[0].Name)
|
assert.Equal(t, "tmp", deployment.Spec.Template.Spec.Volumes[0].Name)
|
||||||
assert.NotNil(t, 10, deployment.Spec.Template.Spec.Volumes[0].EmptyDir)
|
assert.NotNil(t, deployment.Spec.Template.Spec.Volumes[0].EmptyDir)
|
||||||
|
assert.Equal(t, "customMount", deployment.Spec.Template.Spec.Volumes[1].Name)
|
||||||
|
assert.Equal(t, "my-configmap", deployment.Spec.Template.Spec.Volumes[1].ConfigMap.Name)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.NodeSelector, 1)
|
assert.Len(t, deployment.Spec.Template.Spec.NodeSelector, 1)
|
||||||
assert.Equal(t, "bar", deployment.Spec.Template.Spec.NodeSelector["foo"])
|
assert.Equal(t, "bar", deployment.Spec.Template.Spec.NodeSelector["foo"])
|
||||||
@@ -505,25 +513,25 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
|
|||||||
|
|
||||||
assert.ElementsMatch(t, expectArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
assert.ElementsMatch(t, expectArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 4)
|
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
||||||
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
||||||
|
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
||||||
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
|
||||||
assert.Equal(t, "Always", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
|
|
||||||
|
|
||||||
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
|
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
||||||
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value)
|
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
|
||||||
|
|
||||||
assert.Equal(t, "500m", deployment.Spec.Template.Spec.Containers[0].Resources.Limits.Cpu().String())
|
assert.Equal(t, "500m", deployment.Spec.Template.Spec.Containers[0].Resources.Limits.Cpu().String())
|
||||||
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot)
|
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot)
|
||||||
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
|
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
|
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 2)
|
||||||
assert.Equal(t, "tmp", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name)
|
assert.Equal(t, "tmp", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name)
|
||||||
assert.Equal(t, "/tmp", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath)
|
assert.Equal(t, "/tmp", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath)
|
||||||
|
assert.Equal(t, "customMount", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name)
|
||||||
|
assert.Equal(t, "/my/mount/path", deployment.Spec.Template.Spec.Containers[0].VolumeMounts[1].MountPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplate_EnableLeaderElectionRole(t *testing.T) {
|
func TestTemplate_EnableLeaderElectionRole(t *testing.T) {
|
||||||
@@ -762,14 +770,12 @@ func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) {
|
|||||||
|
|
||||||
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3)
|
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 2)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
|
||||||
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
|
||||||
|
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
|
||||||
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
|
||||||
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
|
||||||
assert.Equal(t, "IfNotPresent", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
|
|
||||||
|
|
||||||
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
|
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
|
||||||
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
|
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
|
||||||
@@ -812,17 +818,17 @@ func TestTemplate_ControllerContainerEnvironmentVariables(t *testing.T) {
|
|||||||
assert.Equal(t, namespaceName, deployment.Namespace)
|
assert.Equal(t, namespaceName, deployment.Namespace)
|
||||||
assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
|
assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
|
||||||
|
|
||||||
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 7)
|
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 6)
|
||||||
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
|
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
|
||||||
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value)
|
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
|
||||||
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[4].Name)
|
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
|
||||||
assert.Equal(t, "secret-name", deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Name)
|
assert.Equal(t, "secret-name", deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Name)
|
||||||
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Key)
|
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Key)
|
||||||
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Optional)
|
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Optional)
|
||||||
assert.Equal(t, "ENV_VAR_NAME_3", deployment.Spec.Template.Spec.Containers[0].Env[5].Name)
|
assert.Equal(t, "ENV_VAR_NAME_3", deployment.Spec.Template.Spec.Containers[0].Env[4].Name)
|
||||||
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[5].Value)
|
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[4].Value)
|
||||||
assert.Equal(t, "ENV_VAR_NAME_4", deployment.Spec.Template.Spec.Containers[0].Env[6].Name)
|
assert.Equal(t, "ENV_VAR_NAME_4", deployment.Spec.Template.Spec.Containers[0].Env[5].Name)
|
||||||
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[6].ValueFrom)
|
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[5].ValueFrom)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTemplate_WatchSingleNamespace_NotCreateManagerClusterRole(t *testing.T) {
|
func TestTemplate_WatchSingleNamespace_NotCreateManagerClusterRole(t *testing.T) {
|
||||||
|
|||||||
@@ -72,6 +72,10 @@ tolerations: []
|
|||||||
|
|
||||||
affinity: {}
|
affinity: {}
|
||||||
|
|
||||||
|
# Mount volumes in the container.
|
||||||
|
volumes: []
|
||||||
|
volumeMounts: []
|
||||||
|
|
||||||
# Leverage a PriorityClass to ensure your pods survive resource shortages
|
# Leverage a PriorityClass to ensure your pods survive resource shortages
|
||||||
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
||||||
# PriorityClass: system-cluster-critical
|
# PriorityClass: system-cluster-critical
|
||||||
@@ -102,7 +106,7 @@ flags:
|
|||||||
|
|
||||||
## Defines how the controller should handle upgrades while having running jobs.
|
## Defines how the controller should handle upgrades while having running jobs.
|
||||||
##
|
##
|
||||||
## The srategies available are:
|
## The strategies available are:
|
||||||
## - "immediate": (default) The controller will immediately apply the change causing the
|
## - "immediate": (default) The controller will immediately apply the change causing the
|
||||||
## recreation of the listener and ephemeral runner set. This can lead to an
|
## recreation of the listener and ephemeral runner set. This can lead to an
|
||||||
## overprovisioning of runners, if there are pending / running jobs. This should not
|
## overprovisioning of runners, if there are pending / running jobs. This should not
|
||||||
|
|||||||
@@ -15,18 +15,18 @@ type: application
|
|||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
version: 0.6.1
|
version: 0.8.3
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application. Versions are not expected to
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
# It is recommended to use it with quotes.
|
# It is recommended to use it with quotes.
|
||||||
appVersion: "0.6.1"
|
appVersion: "0.8.3"
|
||||||
|
|
||||||
home: https://github.com/actions/dev-arc
|
home: https://github.com/actions/actions-runner-controller
|
||||||
|
|
||||||
sources:
|
sources:
|
||||||
- "https://github.com/actions/dev-arc"
|
- "https://github.com/actions/actions-runner-controller"
|
||||||
|
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: actions
|
- name: actions
|
||||||
|
|||||||
@@ -385,6 +385,9 @@ volumeMounts:
|
|||||||
{{- $setNodeExtraCaCerts = 1 }}
|
{{- $setNodeExtraCaCerts = 1 }}
|
||||||
{{- $setRunnerUpdateCaCerts = 1 }}
|
{{- $setRunnerUpdateCaCerts = 1 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- $mountGitHubServerTLS := 0 }}
|
||||||
|
{{- if or $container.env $setNodeExtraCaCerts $setRunnerUpdateCaCerts }}
|
||||||
env:
|
env:
|
||||||
{{- with $container.env }}
|
{{- with $container.env }}
|
||||||
{{- range $i, $env := . }}
|
{{- range $i, $env := . }}
|
||||||
@@ -405,10 +408,12 @@ volumeMounts:
|
|||||||
- name: RUNNER_UPDATE_CA_CERTS
|
- name: RUNNER_UPDATE_CA_CERTS
|
||||||
value: "1"
|
value: "1"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $mountGitHubServerTLS := 0 }}
|
|
||||||
{{- if $tlsConfig.runnerMountPath }}
|
{{- if $tlsConfig.runnerMountPath }}
|
||||||
{{- $mountGitHubServerTLS = 1 }}
|
{{- $mountGitHubServerTLS = 1 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if or $container.volumeMounts $mountGitHubServerTLS }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{- with $container.volumeMounts }}
|
{{- with $container.volumeMounts }}
|
||||||
{{- range $i, $volMount := . }}
|
{{- range $i, $volMount := . }}
|
||||||
@@ -423,6 +428,7 @@ volumeMounts:
|
|||||||
mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
|
mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
|
||||||
subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }}
|
subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@@ -520,13 +526,13 @@ volumeMounts:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }}
|
{{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }}
|
||||||
{{- fail "No gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
|
{{- fail "No gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.namespace in values.yaml to be explicit if you think the discovery is wrong." }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }}
|
{{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }}
|
||||||
{{- fail "Found both gha-rs-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
|
{{- fail "Found both gha-rs-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.namespace in values.yaml to be explicit if you think the discovery is wrong." }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if gt $multiNamespacesCounter 1 }}
|
{{- if gt $multiNamespacesCounter 1 }}
|
||||||
{{- fail "More than one gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
|
{{- fail "More than one gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.namespace in values.yaml to be explicit if you think the discovery is wrong." }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if eq $multiNamespacesCounter 1 }}
|
{{- if eq $multiNamespacesCounter 1 }}
|
||||||
{{- with $controllerDeployment.metadata }}
|
{{- with $controllerDeployment.metadata }}
|
||||||
@@ -539,11 +545,11 @@ volumeMounts:
|
|||||||
{{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }}
|
{{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- fail "No gha-rs-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
|
{{- fail "No gha-rs-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.namespace in values.yaml to be explicit if you think the discovery is wrong." }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if eq $managerServiceAccountNamespace "" }}
|
{{- if eq $managerServiceAccountNamespace "" }}
|
||||||
{{- fail "No service account namespace found for gha-rs-controller deployment using label (actions.github.com/controller-service-account-namespace), consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
|
{{- fail "No service account namespace found for gha-rs-controller deployment using label (actions.github.com/controller-service-account-namespace), consider setting controllerServiceAccount.namespace in values.yaml to be explicit if you think the discovery is wrong." }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $managerServiceAccountNamespace }}
|
{{- $managerServiceAccountNamespace }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -5,6 +5,12 @@ kind: ServiceAccount
|
|||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
|
name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- if .Values.containerMode.kubernetesModeServiceAccount }}
|
||||||
|
{{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
finalizers:
|
finalizers:
|
||||||
- actions.github.com/cleanup-protection
|
- actions.github.com/cleanup-protection
|
||||||
labels:
|
labels:
|
||||||
|
|||||||
@@ -742,6 +742,37 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers(t *testin
|
|||||||
assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls")
|
assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestTemplateRenderedKubernetesModeServiceAccountAnnotations(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
// Path to the helm chart we will test
|
||||||
|
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
testValuesPath, err := filepath.Abs("../tests/values_kubernetes_mode_service_account_annotations.yaml")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
releaseName := "test-runners"
|
||||||
|
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||||
|
|
||||||
|
options := &helm.Options{
|
||||||
|
Logger: logger.Discard,
|
||||||
|
SetValues: map[string]string{
|
||||||
|
"controllerServiceAccount.name": "arc",
|
||||||
|
"controllerServiceAccount.namespace": "arc-system",
|
||||||
|
},
|
||||||
|
ValuesFiles: []string{testValuesPath},
|
||||||
|
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||||
|
}
|
||||||
|
|
||||||
|
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
|
||||||
|
|
||||||
|
var sa corev1.ServiceAccount
|
||||||
|
helm.UnmarshalK8SYaml(t, output, &sa)
|
||||||
|
|
||||||
|
assert.Equal(t, "arn:aws:iam::123456789012:role/sample-role", sa.Annotations["eks.amazonaws.com/role-arn"], "Annotations should be arn:aws:iam::123456789012:role/sample-role")
|
||||||
|
}
|
||||||
|
|
||||||
func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
|
func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
@@ -1986,3 +2017,75 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_KubernetesModeCleanup(t
|
|||||||
assert.Equal(t, value, autoscalingRunnerSet.Annotations[annotation], fmt.Sprintf("Annotation %q does not match the expected value", annotation))
|
assert.Equal(t, value, autoscalingRunnerSet.Annotations[annotation], fmt.Sprintf("Annotation %q does not match the expected value", annotation))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRunnerContainerEnvNotEmptyMap(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
// Path to the helm chart we will test
|
||||||
|
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
testValuesPath, err := filepath.Abs("../tests/values.yaml")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
releaseName := "test-runners"
|
||||||
|
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||||
|
|
||||||
|
options := &helm.Options{
|
||||||
|
Logger: logger.Discard,
|
||||||
|
ValuesFiles: []string{testValuesPath},
|
||||||
|
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||||
|
}
|
||||||
|
|
||||||
|
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
|
||||||
|
type testModel struct {
|
||||||
|
Spec struct {
|
||||||
|
Template struct {
|
||||||
|
Spec struct {
|
||||||
|
Containers []map[string]any `yaml:"containers"`
|
||||||
|
} `yaml:"spec"`
|
||||||
|
} `yaml:"template"`
|
||||||
|
} `yaml:"spec"`
|
||||||
|
}
|
||||||
|
|
||||||
|
var m testModel
|
||||||
|
helm.UnmarshalK8SYaml(t, output, &m)
|
||||||
|
_, ok := m.Spec.Template.Spec.Containers[0]["env"]
|
||||||
|
assert.False(t, ok, "env should not be set")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestRunnerContainerVolumeNotEmptyMap(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
// Path to the helm chart we will test
|
||||||
|
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
testValuesPath, err := filepath.Abs("../tests/values.yaml")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
releaseName := "test-runners"
|
||||||
|
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||||
|
|
||||||
|
options := &helm.Options{
|
||||||
|
Logger: logger.Discard,
|
||||||
|
ValuesFiles: []string{testValuesPath},
|
||||||
|
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||||
|
}
|
||||||
|
|
||||||
|
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
|
||||||
|
type testModel struct {
|
||||||
|
Spec struct {
|
||||||
|
Template struct {
|
||||||
|
Spec struct {
|
||||||
|
Containers []map[string]any `yaml:"containers"`
|
||||||
|
} `yaml:"spec"`
|
||||||
|
} `yaml:"template"`
|
||||||
|
} `yaml:"spec"`
|
||||||
|
}
|
||||||
|
|
||||||
|
var m testModel
|
||||||
|
helm.UnmarshalK8SYaml(t, output, &m)
|
||||||
|
_, ok := m.Spec.Template.Spec.Containers[0]["volumeMounts"]
|
||||||
|
assert.False(t, ok, "volumeMounts should not be set")
|
||||||
|
}
|
||||||
|
|||||||
@@ -28,4 +28,4 @@ template:
|
|||||||
path: /data
|
path: /data
|
||||||
type: Directory
|
type: Directory
|
||||||
containerMode:
|
containerMode:
|
||||||
type: kubernetes
|
type: kubernetes
|
||||||
|
|||||||
@@ -0,0 +1,8 @@
|
|||||||
|
githubConfigUrl: https://github.com/actions/actions-runner-controller
|
||||||
|
githubConfigSecret:
|
||||||
|
github_token: test
|
||||||
|
containerMode:
|
||||||
|
type: kubernetes
|
||||||
|
kubernetesModeServiceAccount:
|
||||||
|
annotations:
|
||||||
|
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/sample-role
|
||||||
@@ -39,7 +39,8 @@ githubConfigSecret:
|
|||||||
## maxRunners is the max number of runners the autoscaling runner set will scale up to.
|
## maxRunners is the max number of runners the autoscaling runner set will scale up to.
|
||||||
# maxRunners: 5
|
# maxRunners: 5
|
||||||
|
|
||||||
## minRunners is the min number of runners the autoscaling runner set will scale down to.
|
## minRunners is the min number of idle runners. The target number of runners created will be
|
||||||
|
## calculated as a sum of minRunners and the number of jobs assigned to the scale set.
|
||||||
# minRunners: 0
|
# minRunners: 0
|
||||||
|
|
||||||
# runnerGroup: "default"
|
# runnerGroup: "default"
|
||||||
@@ -84,6 +85,8 @@ githubConfigSecret:
|
|||||||
# resources:
|
# resources:
|
||||||
# requests:
|
# requests:
|
||||||
# storage: 1Gi
|
# storage: 1Gi
|
||||||
|
# kubernetesModeServiceAccount:
|
||||||
|
# annotations:
|
||||||
|
|
||||||
## template is the PodSpec for each listener Pod
|
## template is the PodSpec for each listener Pod
|
||||||
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
|
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
|
||||||
|
|||||||
133
cmd/ghalistener/app/app.go
Normal file
133
cmd/ghalistener/app/app.go
Normal file
@@ -0,0 +1,133 @@
|
|||||||
|
package app
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/worker"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
"golang.org/x/sync/errgroup"
|
||||||
|
)
|
||||||
|
|
||||||
|
// App is responsible for initializing required components and running the app.
|
||||||
|
type App struct {
|
||||||
|
// configured fields
|
||||||
|
config config.Config
|
||||||
|
logger logr.Logger
|
||||||
|
|
||||||
|
// initialized fields
|
||||||
|
listener Listener
|
||||||
|
worker Worker
|
||||||
|
metrics metrics.ServerPublisher
|
||||||
|
}
|
||||||
|
|
||||||
|
//go:generate mockery --name Listener --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type Listener interface {
|
||||||
|
Listen(ctx context.Context, handler listener.Handler) error
|
||||||
|
}
|
||||||
|
|
||||||
|
//go:generate mockery --name Worker --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type Worker interface {
|
||||||
|
HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error
|
||||||
|
HandleDesiredRunnerCount(ctx context.Context, count int) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
func New(config config.Config) (*App, error) {
|
||||||
|
app := &App{
|
||||||
|
config: config,
|
||||||
|
}
|
||||||
|
|
||||||
|
ghConfig, err := actions.ParseGitHubConfigFromURL(config.ConfigureUrl)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to parse GitHub config from URL: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
logger, err := config.Logger()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create logger: %w", err)
|
||||||
|
}
|
||||||
|
app.logger = logger.WithName("listener-app")
|
||||||
|
}
|
||||||
|
|
||||||
|
actionsClient, err := config.ActionsClient(app.logger)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create actions client: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.MetricsAddr != "" {
|
||||||
|
app.metrics = metrics.NewExporter(metrics.ExporterConfig{
|
||||||
|
ScaleSetName: config.EphemeralRunnerSetName,
|
||||||
|
ScaleSetNamespace: config.EphemeralRunnerSetNamespace,
|
||||||
|
Enterprise: ghConfig.Enterprise,
|
||||||
|
Organization: ghConfig.Organization,
|
||||||
|
Repository: ghConfig.Repository,
|
||||||
|
ServerAddr: config.MetricsAddr,
|
||||||
|
ServerEndpoint: config.MetricsEndpoint,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
worker, err := worker.New(
|
||||||
|
worker.Config{
|
||||||
|
EphemeralRunnerSetNamespace: config.EphemeralRunnerSetNamespace,
|
||||||
|
EphemeralRunnerSetName: config.EphemeralRunnerSetName,
|
||||||
|
MaxRunners: config.MaxRunners,
|
||||||
|
MinRunners: config.MinRunners,
|
||||||
|
},
|
||||||
|
worker.WithLogger(app.logger.WithName("worker")),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create new kubernetes worker: %w", err)
|
||||||
|
}
|
||||||
|
app.worker = worker
|
||||||
|
|
||||||
|
listener, err := listener.New(listener.Config{
|
||||||
|
Client: actionsClient,
|
||||||
|
ScaleSetID: app.config.RunnerScaleSetId,
|
||||||
|
MinRunners: app.config.MinRunners,
|
||||||
|
MaxRunners: app.config.MaxRunners,
|
||||||
|
Logger: app.logger.WithName("listener"),
|
||||||
|
Metrics: app.metrics,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create new listener: %w", err)
|
||||||
|
}
|
||||||
|
app.listener = listener
|
||||||
|
|
||||||
|
app.logger.Info("app initialized")
|
||||||
|
|
||||||
|
return app, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *App) Run(ctx context.Context) error {
|
||||||
|
var errs []error
|
||||||
|
if app.worker == nil {
|
||||||
|
errs = append(errs, fmt.Errorf("worker not initialized"))
|
||||||
|
}
|
||||||
|
if app.listener == nil {
|
||||||
|
errs = append(errs, fmt.Errorf("listener not initialized"))
|
||||||
|
}
|
||||||
|
if err := errors.Join(errs...); err != nil {
|
||||||
|
return fmt.Errorf("app not initialized: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
g, ctx := errgroup.WithContext(ctx)
|
||||||
|
g.Go(func() error {
|
||||||
|
app.logger.Info("Starting listener")
|
||||||
|
return app.listener.Listen(ctx, app.worker)
|
||||||
|
})
|
||||||
|
|
||||||
|
if app.metrics != nil {
|
||||||
|
g.Go(func() error {
|
||||||
|
app.logger.Info("Starting metrics server")
|
||||||
|
return app.metrics.ListenAndServe(ctx)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return g.Wait()
|
||||||
|
}
|
||||||
85
cmd/ghalistener/app/app_test.go
Normal file
85
cmd/ghalistener/app/app_test.go
Normal file
@@ -0,0 +1,85 @@
|
|||||||
|
package app
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"errors"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
appmocks "github.com/actions/actions-runner-controller/cmd/ghalistener/app/mocks"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
|
||||||
|
metricsMocks "github.com/actions/actions-runner-controller/cmd/ghalistener/metrics/mocks"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/worker"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestApp_Run(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("ListenerWorkerGuard", func(t *testing.T) {
|
||||||
|
invalidApps := []*App{
|
||||||
|
{},
|
||||||
|
{worker: &worker.Worker{}},
|
||||||
|
{listener: &listener.Listener{}},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, app := range invalidApps {
|
||||||
|
assert.Error(t, app.Run(context.Background()))
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("ExitsOnListenerError", func(t *testing.T) {
|
||||||
|
listener := appmocks.NewListener(t)
|
||||||
|
worker := appmocks.NewWorker(t)
|
||||||
|
|
||||||
|
listener.On("Listen", mock.Anything, mock.Anything).Return(errors.New("listener error")).Once()
|
||||||
|
|
||||||
|
app := &App{
|
||||||
|
listener: listener,
|
||||||
|
worker: worker,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Run(context.Background())
|
||||||
|
assert.Error(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("ExitsOnListenerNil", func(t *testing.T) {
|
||||||
|
listener := appmocks.NewListener(t)
|
||||||
|
worker := appmocks.NewWorker(t)
|
||||||
|
|
||||||
|
listener.On("Listen", mock.Anything, mock.Anything).Return(nil).Once()
|
||||||
|
|
||||||
|
app := &App{
|
||||||
|
listener: listener,
|
||||||
|
worker: worker,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Run(context.Background())
|
||||||
|
assert.NoError(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("CancelListenerOnMetricsServerError", func(t *testing.T) {
|
||||||
|
listener := appmocks.NewListener(t)
|
||||||
|
worker := appmocks.NewWorker(t)
|
||||||
|
metrics := metricsMocks.NewServerPublisher(t)
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
listener.On("Listen", mock.Anything, mock.Anything).Run(func(args mock.Arguments) {
|
||||||
|
ctx := args.Get(0).(context.Context)
|
||||||
|
go func() {
|
||||||
|
<-ctx.Done()
|
||||||
|
}()
|
||||||
|
}).Return(nil).Once()
|
||||||
|
|
||||||
|
metrics.On("ListenAndServe", mock.Anything).Return(errors.New("metrics server error")).Once()
|
||||||
|
|
||||||
|
app := &App{
|
||||||
|
listener: listener,
|
||||||
|
worker: worker,
|
||||||
|
metrics: metrics,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Run(ctx)
|
||||||
|
assert.Error(t, err)
|
||||||
|
})
|
||||||
|
}
|
||||||
43
cmd/ghalistener/app/mocks/listener.go
Normal file
43
cmd/ghalistener/app/mocks/listener.go
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
context "context"
|
||||||
|
|
||||||
|
listener "github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Listener is an autogenerated mock type for the Listener type
|
||||||
|
type Listener struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// Listen provides a mock function with given fields: ctx, handler
|
||||||
|
func (_m *Listener) Listen(ctx context.Context, handler listener.Handler) error {
|
||||||
|
ret := _m.Called(ctx, handler)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, listener.Handler) error); ok {
|
||||||
|
r0 = rf(ctx, handler)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewListener creates a new instance of Listener. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewListener(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *Listener {
|
||||||
|
mock := &Listener{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
68
cmd/ghalistener/app/mocks/worker.go
Normal file
68
cmd/ghalistener/app/mocks/worker.go
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
actions "github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
|
||||||
|
context "context"
|
||||||
|
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Worker is an autogenerated mock type for the Worker type
|
||||||
|
type Worker struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleDesiredRunnerCount provides a mock function with given fields: ctx, count
|
||||||
|
func (_m *Worker) HandleDesiredRunnerCount(ctx context.Context, count int) (int, error) {
|
||||||
|
ret := _m.Called(ctx, count)
|
||||||
|
|
||||||
|
var r0 int
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) (int, error)); ok {
|
||||||
|
return rf(ctx, count)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) int); ok {
|
||||||
|
r0 = rf(ctx, count)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Get(0).(int)
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int) error); ok {
|
||||||
|
r1 = rf(ctx, count)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleJobStarted provides a mock function with given fields: ctx, jobInfo
|
||||||
|
func (_m *Worker) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
|
||||||
|
ret := _m.Called(ctx, jobInfo)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, *actions.JobStarted) error); ok {
|
||||||
|
r0 = rf(ctx, jobInfo)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewWorker creates a new instance of Worker. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewWorker(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *Worker {
|
||||||
|
mock := &Worker{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
161
cmd/ghalistener/config/config.go
Normal file
161
cmd/ghalistener/config/config.go
Normal file
@@ -0,0 +1,161 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/build"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/actions/actions-runner-controller/logging"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
"golang.org/x/net/http/httpproxy"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
ConfigureUrl string `json:"configureUrl"`
|
||||||
|
AppID int64 `json:"appID"`
|
||||||
|
AppInstallationID int64 `json:"appInstallationID"`
|
||||||
|
AppPrivateKey string `json:"appPrivateKey"`
|
||||||
|
Token string `json:"token"`
|
||||||
|
EphemeralRunnerSetNamespace string `json:"ephemeralRunnerSetNamespace"`
|
||||||
|
EphemeralRunnerSetName string `json:"ephemeralRunnerSetName"`
|
||||||
|
MaxRunners int `json:"maxRunners"`
|
||||||
|
MinRunners int `json:"minRunners"`
|
||||||
|
RunnerScaleSetId int `json:"runnerScaleSetId"`
|
||||||
|
RunnerScaleSetName string `json:"runnerScaleSetName"`
|
||||||
|
ServerRootCA string `json:"serverRootCA"`
|
||||||
|
LogLevel string `json:"logLevel"`
|
||||||
|
LogFormat string `json:"logFormat"`
|
||||||
|
MetricsAddr string `json:"metricsAddr"`
|
||||||
|
MetricsEndpoint string `json:"metricsEndpoint"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func Read(path string) (Config, error) {
|
||||||
|
f, err := os.Open(path)
|
||||||
|
if err != nil {
|
||||||
|
return Config{}, err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
var config Config
|
||||||
|
if err := json.NewDecoder(f).Decode(&config); err != nil {
|
||||||
|
return Config{}, fmt.Errorf("failed to decode config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := config.validate(); err != nil {
|
||||||
|
return Config{}, fmt.Errorf("failed to validate config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return config, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) validate() error {
|
||||||
|
if len(c.ConfigureUrl) == 0 {
|
||||||
|
return fmt.Errorf("GitHubConfigUrl is not provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(c.EphemeralRunnerSetNamespace) == 0 || len(c.EphemeralRunnerSetName) == 0 {
|
||||||
|
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", c.EphemeralRunnerSetNamespace, c.EphemeralRunnerSetName)
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.RunnerScaleSetId == 0 {
|
||||||
|
return fmt.Errorf("RunnerScaleSetId '%d' is missing", c.RunnerScaleSetId)
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.MaxRunners < c.MinRunners {
|
||||||
|
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", c.MinRunners, c.MaxRunners)
|
||||||
|
}
|
||||||
|
|
||||||
|
hasToken := len(c.Token) > 0
|
||||||
|
hasPrivateKeyConfig := c.AppID > 0 && c.AppPrivateKey != ""
|
||||||
|
|
||||||
|
if !hasToken && !hasPrivateKeyConfig {
|
||||||
|
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
|
||||||
|
}
|
||||||
|
|
||||||
|
if hasToken && hasPrivateKeyConfig {
|
||||||
|
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) Logger() (logr.Logger, error) {
|
||||||
|
logLevel := string(logging.LogLevelDebug)
|
||||||
|
if c.LogLevel != "" {
|
||||||
|
logLevel = c.LogLevel
|
||||||
|
}
|
||||||
|
|
||||||
|
logFormat := string(logging.LogFormatText)
|
||||||
|
if c.LogFormat != "" {
|
||||||
|
logFormat = c.LogFormat
|
||||||
|
}
|
||||||
|
|
||||||
|
logger, err := logging.NewLogger(logLevel, logFormat)
|
||||||
|
if err != nil {
|
||||||
|
return logr.Logger{}, fmt.Errorf("NewLogger failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return logger, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) ActionsClient(logger logr.Logger, clientOptions ...actions.ClientOption) (*actions.Client, error) {
|
||||||
|
var creds actions.ActionsAuth
|
||||||
|
switch c.Token {
|
||||||
|
case "":
|
||||||
|
creds.AppCreds = &actions.GitHubAppAuth{
|
||||||
|
AppID: c.AppID,
|
||||||
|
AppInstallationID: c.AppInstallationID,
|
||||||
|
AppPrivateKey: c.AppPrivateKey,
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
creds.Token = c.Token
|
||||||
|
}
|
||||||
|
|
||||||
|
options := append([]actions.ClientOption{
|
||||||
|
actions.WithLogger(logger),
|
||||||
|
}, clientOptions...)
|
||||||
|
|
||||||
|
if c.ServerRootCA != "" {
|
||||||
|
systemPool, err := x509.SystemCertPool()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to load system cert pool: %w", err)
|
||||||
|
}
|
||||||
|
pool := systemPool.Clone()
|
||||||
|
ok := pool.AppendCertsFromPEM([]byte(c.ServerRootCA))
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("failed to parse root certificate")
|
||||||
|
}
|
||||||
|
|
||||||
|
options = append(options, actions.WithRootCAs(pool))
|
||||||
|
}
|
||||||
|
|
||||||
|
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
|
||||||
|
options = append(options, actions.WithProxy(func(req *http.Request) (*url.URL, error) {
|
||||||
|
return proxyFunc(req.URL)
|
||||||
|
}))
|
||||||
|
|
||||||
|
client, err := actions.NewClient(c.ConfigureUrl, &creds, options...)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create actions client: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
client.SetUserAgent(actions.UserAgentInfo{
|
||||||
|
Version: build.Version,
|
||||||
|
CommitSHA: build.CommitSHA,
|
||||||
|
ScaleSetID: c.RunnerScaleSetId,
|
||||||
|
HasProxy: hasProxy(),
|
||||||
|
Subsystem: "ghalistener",
|
||||||
|
})
|
||||||
|
|
||||||
|
return client, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func hasProxy() bool {
|
||||||
|
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
|
||||||
|
return proxyFunc != nil
|
||||||
|
}
|
||||||
161
cmd/ghalistener/config/config_client_test.go
Normal file
161
cmd/ghalistener/config/config_client_test.go
Normal file
@@ -0,0 +1,161 @@
|
|||||||
|
package config_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions/testserver"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestCustomerServerRootCA(t *testing.T) {
|
||||||
|
ctx := context.Background()
|
||||||
|
certsFolder := filepath.Join(
|
||||||
|
"../../../",
|
||||||
|
"github",
|
||||||
|
"actions",
|
||||||
|
"testdata",
|
||||||
|
)
|
||||||
|
certPath := filepath.Join(certsFolder, "server.crt")
|
||||||
|
keyPath := filepath.Join(certsFolder, "server.key")
|
||||||
|
|
||||||
|
serverCalledSuccessfully := false
|
||||||
|
|
||||||
|
server := testserver.NewUnstarted(t, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||||
|
serverCalledSuccessfully = true
|
||||||
|
w.WriteHeader(http.StatusOK)
|
||||||
|
w.Write([]byte(`{"count": 0}`))
|
||||||
|
}))
|
||||||
|
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
|
||||||
|
server.StartTLS()
|
||||||
|
|
||||||
|
var certsString string
|
||||||
|
rootCA, err := os.ReadFile(filepath.Join(certsFolder, "rootCA.crt"))
|
||||||
|
require.NoError(t, err)
|
||||||
|
certsString = string(rootCA)
|
||||||
|
|
||||||
|
intermediate, err := os.ReadFile(filepath.Join(certsFolder, "intermediate.pem"))
|
||||||
|
require.NoError(t, err)
|
||||||
|
certsString = certsString + string(intermediate)
|
||||||
|
|
||||||
|
config := config.Config{
|
||||||
|
ConfigureUrl: server.ConfigURLForOrg("myorg"),
|
||||||
|
ServerRootCA: certsString,
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := config.ActionsClient(logr.Discard())
|
||||||
|
require.NoError(t, err)
|
||||||
|
_, err = client.GetRunnerScaleSet(ctx, 1, "test")
|
||||||
|
require.NoError(t, err)
|
||||||
|
assert.True(t, serverCalledSuccessfully)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestProxySettings(t *testing.T) {
|
||||||
|
t.Run("http", func(t *testing.T) {
|
||||||
|
wentThroughProxy := false
|
||||||
|
|
||||||
|
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
|
||||||
|
wentThroughProxy = true
|
||||||
|
}))
|
||||||
|
t.Cleanup(func() {
|
||||||
|
proxy.Close()
|
||||||
|
})
|
||||||
|
|
||||||
|
prevProxy := os.Getenv("http_proxy")
|
||||||
|
os.Setenv("http_proxy", proxy.URL)
|
||||||
|
defer os.Setenv("http_proxy", prevProxy)
|
||||||
|
|
||||||
|
config := config.Config{
|
||||||
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := config.ActionsClient(logr.Discard())
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
_, err = client.Do(req)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
assert.True(t, wentThroughProxy)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("https", func(t *testing.T) {
|
||||||
|
wentThroughProxy := false
|
||||||
|
|
||||||
|
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
|
||||||
|
wentThroughProxy = true
|
||||||
|
}))
|
||||||
|
t.Cleanup(func() {
|
||||||
|
proxy.Close()
|
||||||
|
})
|
||||||
|
|
||||||
|
prevProxy := os.Getenv("https_proxy")
|
||||||
|
os.Setenv("https_proxy", proxy.URL)
|
||||||
|
defer os.Setenv("https_proxy", prevProxy)
|
||||||
|
|
||||||
|
config := config.Config{
|
||||||
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := config.ActionsClient(logr.Discard(), actions.WithRetryMax(0))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = client.Do(req)
|
||||||
|
// proxy doesn't support https
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.True(t, wentThroughProxy)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("no_proxy", func(t *testing.T) {
|
||||||
|
wentThroughProxy := false
|
||||||
|
|
||||||
|
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
|
||||||
|
wentThroughProxy = true
|
||||||
|
}))
|
||||||
|
t.Cleanup(func() {
|
||||||
|
proxy.Close()
|
||||||
|
})
|
||||||
|
|
||||||
|
prevProxy := os.Getenv("http_proxy")
|
||||||
|
os.Setenv("http_proxy", proxy.URL)
|
||||||
|
defer os.Setenv("http_proxy", prevProxy)
|
||||||
|
|
||||||
|
prevNoProxy := os.Getenv("no_proxy")
|
||||||
|
os.Setenv("no_proxy", "example.com")
|
||||||
|
defer os.Setenv("no_proxy", prevNoProxy)
|
||||||
|
|
||||||
|
config := config.Config{
|
||||||
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := config.ActionsClient(logr.Discard())
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = client.Do(req)
|
||||||
|
require.NoError(t, err)
|
||||||
|
assert.False(t, wentThroughProxy)
|
||||||
|
})
|
||||||
|
}
|
||||||
92
cmd/ghalistener/config/config_test.go
Normal file
92
cmd/ghalistener/config/config_test.go
Normal file
@@ -0,0 +1,92 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestConfigValidationMinMax(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
MinRunners: 5,
|
||||||
|
MaxRunners: 2,
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationMissingToken(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationAppKey(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
AppID: 1,
|
||||||
|
AppInstallationID: 10,
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
AppID: 1,
|
||||||
|
AppInstallationID: 10,
|
||||||
|
AppPrivateKey: "asdf",
|
||||||
|
Token: "asdf",
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidation(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "https://github.com/actions",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
MinRunners: 1,
|
||||||
|
MaxRunners: 5,
|
||||||
|
Token: "asdf",
|
||||||
|
}
|
||||||
|
|
||||||
|
err := config.validate()
|
||||||
|
|
||||||
|
assert.NoError(t, err, "Expected no error")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationConfigUrl(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := config.validate()
|
||||||
|
|
||||||
|
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
|
||||||
|
}
|
||||||
431
cmd/ghalistener/listener/listener.go
Normal file
431
cmd/ghalistener/listener/listener.go
Normal file
@@ -0,0 +1,431 @@
|
|||||||
|
package listener
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
sessionCreationMaxRetries = 10
|
||||||
|
)
|
||||||
|
|
||||||
|
// message types
|
||||||
|
const (
|
||||||
|
messageTypeJobAvailable = "JobAvailable"
|
||||||
|
messageTypeJobAssigned = "JobAssigned"
|
||||||
|
messageTypeJobStarted = "JobStarted"
|
||||||
|
messageTypeJobCompleted = "JobCompleted"
|
||||||
|
)
|
||||||
|
|
||||||
|
//go:generate mockery --name Client --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type Client interface {
|
||||||
|
GetAcquirableJobs(ctx context.Context, runnerScaleSetId int) (*actions.AcquirableJobList, error)
|
||||||
|
CreateMessageSession(ctx context.Context, runnerScaleSetId int, owner string) (*actions.RunnerScaleSetSession, error)
|
||||||
|
GetMessage(ctx context.Context, messageQueueUrl, messageQueueAccessToken string, lastMessageId int64) (*actions.RunnerScaleSetMessage, error)
|
||||||
|
DeleteMessage(ctx context.Context, messageQueueUrl, messageQueueAccessToken string, messageId int64) error
|
||||||
|
AcquireJobs(ctx context.Context, runnerScaleSetId int, messageQueueAccessToken string, requestIds []int64) ([]int64, error)
|
||||||
|
RefreshMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) (*actions.RunnerScaleSetSession, error)
|
||||||
|
DeleteMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) error
|
||||||
|
}
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
Client Client
|
||||||
|
ScaleSetID int
|
||||||
|
MinRunners int
|
||||||
|
MaxRunners int
|
||||||
|
Logger logr.Logger
|
||||||
|
Metrics metrics.Publisher
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) Validate() error {
|
||||||
|
if c.Client == nil {
|
||||||
|
return errors.New("client is required")
|
||||||
|
}
|
||||||
|
if c.ScaleSetID == 0 {
|
||||||
|
return errors.New("scaleSetID is required")
|
||||||
|
}
|
||||||
|
if c.MinRunners < 0 {
|
||||||
|
return errors.New("minRunners must be greater than or equal to 0")
|
||||||
|
}
|
||||||
|
if c.MaxRunners < 0 {
|
||||||
|
return errors.New("maxRunners must be greater than or equal to 0")
|
||||||
|
}
|
||||||
|
if c.MaxRunners > 0 && c.MinRunners > c.MaxRunners {
|
||||||
|
return errors.New("minRunners must be less than or equal to maxRunners")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// The Listener's role is to manage all interactions with the actions service.
|
||||||
|
// It receives messages and processes them using the given handler.
|
||||||
|
type Listener struct {
|
||||||
|
// configured fields
|
||||||
|
scaleSetID int // The ID of the scale set associated with the listener.
|
||||||
|
client Client // The client used to interact with the scale set.
|
||||||
|
metrics metrics.Publisher // The publisher used to publish metrics.
|
||||||
|
|
||||||
|
// internal fields
|
||||||
|
logger logr.Logger // The logger used for logging.
|
||||||
|
hostname string // The hostname of the listener.
|
||||||
|
|
||||||
|
// updated fields
|
||||||
|
lastMessageID int64 // The ID of the last processed message.
|
||||||
|
session *actions.RunnerScaleSetSession // The session for managing the runner scale set.
|
||||||
|
}
|
||||||
|
|
||||||
|
func New(config Config) (*Listener, error) {
|
||||||
|
if err := config.Validate(); err != nil {
|
||||||
|
return nil, fmt.Errorf("invalid config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
listener := &Listener{
|
||||||
|
scaleSetID: config.ScaleSetID,
|
||||||
|
client: config.Client,
|
||||||
|
logger: config.Logger,
|
||||||
|
metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.Metrics != nil {
|
||||||
|
listener.metrics = config.Metrics
|
||||||
|
}
|
||||||
|
|
||||||
|
listener.metrics.PublishStatic(config.MinRunners, config.MaxRunners)
|
||||||
|
|
||||||
|
hostname, err := os.Hostname()
|
||||||
|
if err != nil {
|
||||||
|
hostname = uuid.NewString()
|
||||||
|
listener.logger.Info("Failed to get hostname, fallback to uuid", "uuid", hostname, "error", err)
|
||||||
|
}
|
||||||
|
listener.hostname = hostname
|
||||||
|
|
||||||
|
return listener, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
//go:generate mockery --name Handler --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type Handler interface {
|
||||||
|
HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error
|
||||||
|
HandleDesiredRunnerCount(ctx context.Context, count int) (int, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Listen listens for incoming messages and handles them using the provided handler.
|
||||||
|
// It continuously listens for messages until the context is cancelled.
|
||||||
|
// The initial message contains the current statistics and acquirable jobs, if any.
|
||||||
|
// The handler is responsible for handling the initial message and subsequent messages.
|
||||||
|
// If an error occurs during any step, Listen returns an error.
|
||||||
|
func (l *Listener) Listen(ctx context.Context, handler Handler) error {
|
||||||
|
if err := l.createSession(ctx); err != nil {
|
||||||
|
return fmt.Errorf("createSession failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
defer func() {
|
||||||
|
if err := l.deleteMessageSession(); err != nil {
|
||||||
|
l.logger.Error(err, "failed to delete message session")
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
initialMessage := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 0,
|
||||||
|
MessageType: "RunnerScaleSetJobMessages",
|
||||||
|
Statistics: l.session.Statistics,
|
||||||
|
Body: "",
|
||||||
|
}
|
||||||
|
|
||||||
|
if l.session.Statistics == nil {
|
||||||
|
return fmt.Errorf("session statistics is nil")
|
||||||
|
}
|
||||||
|
l.metrics.PublishStatistics(initialMessage.Statistics)
|
||||||
|
|
||||||
|
desiredRunners, err := handler.HandleDesiredRunnerCount(ctx, initialMessage.Statistics.TotalAssignedJobs)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("handling initial message failed: %w", err)
|
||||||
|
}
|
||||||
|
l.metrics.PublishDesiredRunners(desiredRunners)
|
||||||
|
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return ctx.Err()
|
||||||
|
default:
|
||||||
|
}
|
||||||
|
|
||||||
|
msg, err := l.getMessage(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to get message: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if msg == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// New context is created to avoid cancelation during message handling.
|
||||||
|
if err := l.handleMessage(context.Background(), handler, msg); err != nil {
|
||||||
|
return fmt.Errorf("failed to handle message: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) handleMessage(ctx context.Context, handler Handler, msg *actions.RunnerScaleSetMessage) error {
|
||||||
|
parsedMsg, err := l.parseMessage(ctx, msg)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to parse message: %w", err)
|
||||||
|
}
|
||||||
|
l.metrics.PublishStatistics(parsedMsg.statistics)
|
||||||
|
|
||||||
|
if len(parsedMsg.jobsAvailable) > 0 {
|
||||||
|
acquiredJobIDs, err := l.acquireAvailableJobs(ctx, parsedMsg.jobsAvailable)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to acquire jobs: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Jobs are acquired", "count", len(acquiredJobIDs), "requestIds", fmt.Sprint(acquiredJobIDs))
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, jobCompleted := range parsedMsg.jobsCompleted {
|
||||||
|
l.metrics.PublishJobCompleted(jobCompleted)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.lastMessageID = msg.MessageId
|
||||||
|
|
||||||
|
if err := l.deleteLastMessage(ctx); err != nil {
|
||||||
|
return fmt.Errorf("failed to delete message: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, jobStarted := range parsedMsg.jobsStarted {
|
||||||
|
if err := handler.HandleJobStarted(ctx, jobStarted); err != nil {
|
||||||
|
return fmt.Errorf("failed to handle job started: %w", err)
|
||||||
|
}
|
||||||
|
l.metrics.PublishJobStarted(jobStarted)
|
||||||
|
}
|
||||||
|
|
||||||
|
desiredRunners, err := handler.HandleDesiredRunnerCount(ctx, parsedMsg.statistics.TotalAssignedJobs)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to handle desired runner count: %w", err)
|
||||||
|
}
|
||||||
|
l.metrics.PublishDesiredRunners(desiredRunners)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) createSession(ctx context.Context) error {
|
||||||
|
var session *actions.RunnerScaleSetSession
|
||||||
|
var retries int
|
||||||
|
|
||||||
|
for {
|
||||||
|
var err error
|
||||||
|
session, err = l.client.CreateMessageSession(ctx, l.scaleSetID, l.hostname)
|
||||||
|
if err == nil {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
clientErr := &actions.HttpClientSideError{}
|
||||||
|
if !errors.As(err, &clientErr) {
|
||||||
|
return fmt.Errorf("failed to create session: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if clientErr.Code != http.StatusConflict {
|
||||||
|
return fmt.Errorf("failed to create session: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
retries++
|
||||||
|
if retries >= sessionCreationMaxRetries {
|
||||||
|
return fmt.Errorf("failed to create session after %d retries: %w", retries, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Unable to create message session. Will try again in 30 seconds", "error", err.Error())
|
||||||
|
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return fmt.Errorf("context cancelled: %w", ctx.Err())
|
||||||
|
case <-time.After(30 * time.Second):
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
statistics, err := json.Marshal(session.Statistics)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to marshal statistics: %w", err)
|
||||||
|
}
|
||||||
|
l.logger.Info("Current runner scale set statistics.", "statistics", string(statistics))
|
||||||
|
|
||||||
|
l.session = session
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) getMessage(ctx context.Context) (*actions.RunnerScaleSetMessage, error) {
|
||||||
|
l.logger.Info("Getting next message", "lastMessageID", l.lastMessageID)
|
||||||
|
msg, err := l.client.GetMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID)
|
||||||
|
if err == nil { // if NO error
|
||||||
|
return msg, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
expiredError := &actions.MessageQueueTokenExpiredError{}
|
||||||
|
if !errors.As(err, &expiredError) {
|
||||||
|
return nil, fmt.Errorf("failed to get next message: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := l.refreshSession(ctx); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Getting next message", "lastMessageID", l.lastMessageID)
|
||||||
|
|
||||||
|
msg, err = l.client.GetMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID)
|
||||||
|
if err != nil { // if NO error
|
||||||
|
return nil, fmt.Errorf("failed to get next message after message session refresh: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return msg, nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) deleteLastMessage(ctx context.Context) error {
|
||||||
|
l.logger.Info("Deleting last message", "lastMessageID", l.lastMessageID)
|
||||||
|
if err := l.client.DeleteMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID); err != nil {
|
||||||
|
return fmt.Errorf("failed to delete message: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type parsedMessage struct {
|
||||||
|
statistics *actions.RunnerScaleSetStatistic
|
||||||
|
jobsStarted []*actions.JobStarted
|
||||||
|
jobsAvailable []*actions.JobAvailable
|
||||||
|
jobsCompleted []*actions.JobCompleted
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) parseMessage(ctx context.Context, msg *actions.RunnerScaleSetMessage) (*parsedMessage, error) {
|
||||||
|
if msg.MessageType != "RunnerScaleSetJobMessages" {
|
||||||
|
l.logger.Info("Skipping message", "messageType", msg.MessageType)
|
||||||
|
return nil, fmt.Errorf("invalid message type: %s", msg.MessageType)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Processing message", "messageId", msg.MessageId, "messageType", msg.MessageType)
|
||||||
|
if msg.Statistics == nil {
|
||||||
|
return nil, fmt.Errorf("invalid message: statistics is nil")
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("New runner scale set statistics.", "statistics", msg.Statistics)
|
||||||
|
|
||||||
|
var batchedMessages []json.RawMessage
|
||||||
|
if len(msg.Body) > 0 {
|
||||||
|
if err := json.Unmarshal([]byte(msg.Body), &batchedMessages); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to unmarshal batched messages: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
parsedMsg := &parsedMessage{
|
||||||
|
statistics: msg.Statistics,
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, msg := range batchedMessages {
|
||||||
|
var messageType actions.JobMessageType
|
||||||
|
if err := json.Unmarshal(msg, &messageType); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode job message type: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
switch messageType.MessageType {
|
||||||
|
case messageTypeJobAvailable:
|
||||||
|
var jobAvailable actions.JobAvailable
|
||||||
|
if err := json.Unmarshal(msg, &jobAvailable); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode job available: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Job available message received", "jobId", jobAvailable.RunnerRequestId)
|
||||||
|
parsedMsg.jobsAvailable = append(parsedMsg.jobsAvailable, &jobAvailable)
|
||||||
|
|
||||||
|
case messageTypeJobAssigned:
|
||||||
|
var jobAssigned actions.JobAssigned
|
||||||
|
if err := json.Unmarshal(msg, &jobAssigned); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode job assigned: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Job assigned message received", "jobId", jobAssigned.RunnerRequestId)
|
||||||
|
|
||||||
|
case messageTypeJobStarted:
|
||||||
|
var jobStarted actions.JobStarted
|
||||||
|
if err := json.Unmarshal(msg, &jobStarted); err != nil {
|
||||||
|
return nil, fmt.Errorf("could not decode job started message. %w", err)
|
||||||
|
}
|
||||||
|
l.logger.Info("Job started message received.", "RequestId", jobStarted.RunnerRequestId, "RunnerId", jobStarted.RunnerId)
|
||||||
|
parsedMsg.jobsStarted = append(parsedMsg.jobsStarted, &jobStarted)
|
||||||
|
|
||||||
|
case messageTypeJobCompleted:
|
||||||
|
var jobCompleted actions.JobCompleted
|
||||||
|
if err := json.Unmarshal(msg, &jobCompleted); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode job completed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Job completed message received.", "RequestId", jobCompleted.RunnerRequestId, "Result", jobCompleted.Result, "RunnerId", jobCompleted.RunnerId, "RunnerName", jobCompleted.RunnerName)
|
||||||
|
parsedMsg.jobsCompleted = append(parsedMsg.jobsCompleted, &jobCompleted)
|
||||||
|
|
||||||
|
default:
|
||||||
|
l.logger.Info("unknown job message type.", "messageType", messageType.MessageType)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return parsedMsg, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) acquireAvailableJobs(ctx context.Context, jobsAvailable []*actions.JobAvailable) ([]int64, error) {
|
||||||
|
ids := make([]int64, 0, len(jobsAvailable))
|
||||||
|
for _, job := range jobsAvailable {
|
||||||
|
ids = append(ids, job.RunnerRequestId)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.logger.Info("Acquiring jobs", "count", len(ids), "requestIds", fmt.Sprint(ids))
|
||||||
|
|
||||||
|
idsAcquired, err := l.client.AcquireJobs(ctx, l.scaleSetID, l.session.MessageQueueAccessToken, ids)
|
||||||
|
if err == nil { // if NO errors
|
||||||
|
return idsAcquired, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
expiredError := &actions.MessageQueueTokenExpiredError{}
|
||||||
|
if !errors.As(err, &expiredError) {
|
||||||
|
return nil, fmt.Errorf("failed to acquire jobs: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := l.refreshSession(ctx); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
idsAcquired, err = l.client.AcquireJobs(ctx, l.scaleSetID, l.session.MessageQueueAccessToken, ids)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to acquire jobs after session refresh: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return idsAcquired, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) refreshSession(ctx context.Context) error {
|
||||||
|
l.logger.Info("Message queue token is expired during GetNextMessage, refreshing...")
|
||||||
|
session, err := l.client.RefreshMessageSession(ctx, l.session.RunnerScaleSet.Id, l.session.SessionId)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("refresh message session failed. %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
l.session = session
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *Listener) deleteMessageSession() error {
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
l.logger.Info("Deleting message session")
|
||||||
|
|
||||||
|
if err := l.client.DeleteMessageSession(ctx, l.session.RunnerScaleSet.Id, l.session.SessionId); err != nil {
|
||||||
|
return fmt.Errorf("failed to delete message session: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
879
cmd/ghalistener/listener/listener_test.go
Normal file
879
cmd/ghalistener/listener/listener_test.go
Normal file
@@ -0,0 +1,879 @@
|
|||||||
|
package listener
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"net/http"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
listenermocks "github.com/actions/actions-runner-controller/cmd/ghalistener/listener/mocks"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestNew(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
t.Run("InvalidConfig", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
var config Config
|
||||||
|
_, err := New(config)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("ValidConfig", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
config := Config{
|
||||||
|
Client: listenermocks.NewClient(t),
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
l, err := New(config)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.NotNil(t, l)
|
||||||
|
})
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_createSession(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
t.Run("FailOnce", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
err = l.createSession(ctx)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("FailContext", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil,
|
||||||
|
&actions.HttpClientSideError{Code: http.StatusConflict}).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
err = l.createSession(ctx)
|
||||||
|
assert.True(t, errors.Is(err, context.DeadlineExceeded))
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("SetsSession", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("CreateMessageSession", mock.Anything, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
err = l.createSession(context.Background())
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.Equal(t, session, l.session)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_getMessage(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("ReceivesMessage", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
want := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
}
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(want, nil).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
l.session = &actions.RunnerScaleSetSession{}
|
||||||
|
|
||||||
|
got, err := l.getMessage(ctx)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.Equal(t, want, got)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("NotExpiredError", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.HttpClientSideError{Code: http.StatusNotFound}).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{}
|
||||||
|
|
||||||
|
_, err = l.getMessage(ctx)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("RefreshAndSucceeds", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Once()
|
||||||
|
|
||||||
|
want := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
}
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(want, nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
|
||||||
|
got, err := l.getMessage(ctx)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.Equal(t, want, got)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("RefreshAndFails", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Twice()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
|
||||||
|
got, err := l.getMessage(ctx)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
assert.Nil(t, got)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_refreshSession(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("SuccessfullyRefreshes", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
newUUID := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &newUUID,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
oldUUID := uuid.New()
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &oldUUID,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
|
||||||
|
err = l.refreshSession(ctx)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.Equal(t, session, l.session)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("FailsToRefresh", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, errors.New("error")).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
oldUUID := uuid.New()
|
||||||
|
oldSession := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &oldUUID,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
l.session = oldSession
|
||||||
|
|
||||||
|
err = l.refreshSession(ctx)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
assert.Equal(t, oldSession, l.session)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_deleteLastMessage(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("SuccessfullyDeletes", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
client.On("DeleteMessage", ctx, mock.Anything, mock.Anything, mock.MatchedBy(func(lastMessageID any) bool {
|
||||||
|
return lastMessageID.(int64) == int64(5)
|
||||||
|
})).Return(nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{}
|
||||||
|
l.lastMessageID = 5
|
||||||
|
|
||||||
|
err = l.deleteLastMessage(ctx)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("FailsToDelete", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
client.On("DeleteMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(errors.New("error")).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{}
|
||||||
|
l.lastMessageID = 5
|
||||||
|
|
||||||
|
err = l.deleteLastMessage(ctx)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_Listen(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("CreateSessionFails", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
err = l.Listen(ctx, nil)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("CallHandleRegardlessOfInitialMessage", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
client.On("DeleteMessageSession", mock.Anything, session.RunnerScaleSet.Id, session.SessionId).Return(nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
var called bool
|
||||||
|
handler := listenermocks.NewHandler(t)
|
||||||
|
handler.On("HandleDesiredRunnerCount", mock.Anything, mock.Anything).
|
||||||
|
Return(0, nil).
|
||||||
|
Run(
|
||||||
|
func(mock.Arguments) {
|
||||||
|
called = true
|
||||||
|
cancel()
|
||||||
|
},
|
||||||
|
).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
err = l.Listen(ctx, handler)
|
||||||
|
assert.True(t, errors.Is(err, context.Canceled))
|
||||||
|
assert.True(t, called)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("CancelContextAfterGetMessage", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
client.On("DeleteMessageSession", mock.Anything, session.RunnerScaleSet.Id, session.SessionId).Return(nil).Once()
|
||||||
|
|
||||||
|
msg := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
MessageType: "RunnerScaleSetJobMessages",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).
|
||||||
|
Return(msg, nil).
|
||||||
|
Run(
|
||||||
|
func(mock.Arguments) {
|
||||||
|
cancel()
|
||||||
|
},
|
||||||
|
).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
// Ensure delete message is called with background context
|
||||||
|
client.On("DeleteMessage", context.Background(), mock.Anything, mock.Anything, mock.Anything).Return(nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
handler := listenermocks.NewHandler(t)
|
||||||
|
handler.On("HandleDesiredRunnerCount", mock.Anything, mock.Anything).
|
||||||
|
Return(0, nil).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
handler.On("HandleDesiredRunnerCount", mock.Anything, mock.Anything).
|
||||||
|
Return(0, nil).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
err = l.Listen(ctx, handler)
|
||||||
|
assert.ErrorIs(t, context.Canceled, err)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_acquireAvailableJobs(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("FailingToAcquireJobs", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
|
||||||
|
availableJobs := []*actions.JobAvailable{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 2,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 3,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
_, err = l.acquireAvailableJobs(ctx, availableJobs)
|
||||||
|
assert.Error(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("SuccessfullyAcquiresJobsOnFirstRun", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
jobIDs := []int64{1, 2, 3}
|
||||||
|
|
||||||
|
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(jobIDs, nil).Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
|
||||||
|
availableJobs := []*actions.JobAvailable{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 2,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 3,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
acquiredJobIDs, err := l.acquireAvailableJobs(ctx, availableJobs)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, []int64{1, 2, 3}, acquiredJobIDs)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("RefreshAndSucceeds", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
|
||||||
|
// Second call to AcquireJobs will succeed
|
||||||
|
want := []int64{1, 2, 3}
|
||||||
|
availableJobs := []*actions.JobAvailable{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 2,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 3,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
// First call to AcquireJobs will fail with a token expired error
|
||||||
|
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).
|
||||||
|
Run(func(args mock.Arguments) {
|
||||||
|
ids := args.Get(3).([]int64)
|
||||||
|
assert.Equal(t, want, ids)
|
||||||
|
}).
|
||||||
|
Return(nil, &actions.MessageQueueTokenExpiredError{}).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
// First call to AcquireJobs will fail with a token expired error
|
||||||
|
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).
|
||||||
|
Run(func(args mock.Arguments) {
|
||||||
|
ids := args.Get(3).([]int64)
|
||||||
|
assert.Equal(t, want, ids)
|
||||||
|
}).
|
||||||
|
Return(want, nil).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
|
||||||
|
got, err := l.acquireAvailableJobs(ctx, availableJobs)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.Equal(t, want, got)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("RefreshAndFails", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
config := Config{
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics.Discard,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
|
||||||
|
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Twice()
|
||||||
|
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
}
|
||||||
|
|
||||||
|
availableJobs := []*actions.JobAvailable{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 2,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
RunnerRequestId: 3,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
got, err := l.acquireAvailableJobs(ctx, availableJobs)
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
assert.Nil(t, got)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestListener_parseMessage(t *testing.T) {
|
||||||
|
t.Run("FailOnEmptyStatistics", func(t *testing.T) {
|
||||||
|
msg := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
MessageType: "RunnerScaleSetJobMessages",
|
||||||
|
Statistics: nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
l := &Listener{}
|
||||||
|
parsedMsg, err := l.parseMessage(context.Background(), msg)
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.Nil(t, parsedMsg)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("FailOnIncorrectMessageType", func(t *testing.T) {
|
||||||
|
msg := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
MessageType: "RunnerMessages", // arbitrary message type
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
|
||||||
|
l := &Listener{}
|
||||||
|
parsedMsg, err := l.parseMessage(context.Background(), msg)
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.Nil(t, parsedMsg)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("ParseAll", func(t *testing.T) {
|
||||||
|
msg := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
MessageType: "RunnerScaleSetJobMessages",
|
||||||
|
Body: "",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{
|
||||||
|
TotalAvailableJobs: 1,
|
||||||
|
TotalAcquiredJobs: 2,
|
||||||
|
TotalAssignedJobs: 3,
|
||||||
|
TotalRunningJobs: 4,
|
||||||
|
TotalRegisteredRunners: 5,
|
||||||
|
TotalBusyRunners: 6,
|
||||||
|
TotalIdleRunners: 7,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
var batchedMessages []any
|
||||||
|
jobsAvailable := []*actions.JobAvailable{
|
||||||
|
{
|
||||||
|
AcquireJobUrl: "https://github.com/example",
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobAvailable,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
AcquireJobUrl: "https://github.com/example",
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobAvailable,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 2,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsAvailable {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
jobsAssigned := []*actions.JobAssigned{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobAssigned,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 3,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobAssigned,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 4,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsAssigned {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
jobsStarted := []*actions.JobStarted{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobStarted,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 5,
|
||||||
|
},
|
||||||
|
RunnerId: 2,
|
||||||
|
RunnerName: "runner2",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsStarted {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
jobsCompleted := []*actions.JobCompleted{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobCompleted,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 6,
|
||||||
|
},
|
||||||
|
Result: "success",
|
||||||
|
RunnerId: 1,
|
||||||
|
RunnerName: "runner1",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsCompleted {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := json.Marshal(batchedMessages)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
msg.Body = string(b)
|
||||||
|
|
||||||
|
l := &Listener{}
|
||||||
|
parsedMsg, err := l.parseMessage(context.Background(), msg)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
assert.Equal(t, msg.Statistics, parsedMsg.statistics)
|
||||||
|
assert.Equal(t, jobsAvailable, parsedMsg.jobsAvailable)
|
||||||
|
assert.Equal(t, jobsStarted, parsedMsg.jobsStarted)
|
||||||
|
assert.Equal(t, jobsCompleted, parsedMsg.jobsCompleted)
|
||||||
|
})
|
||||||
|
}
|
||||||
205
cmd/ghalistener/listener/metrics_test.go
Normal file
205
cmd/ghalistener/listener/metrics_test.go
Normal file
@@ -0,0 +1,205 @@
|
|||||||
|
package listener
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
listenermocks "github.com/actions/actions-runner-controller/cmd/ghalistener/listener/mocks"
|
||||||
|
metricsmocks "github.com/actions/actions-runner-controller/cmd/ghalistener/metrics/mocks"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestInitialMetrics(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("SetStaticMetrics", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
metrics := metricsmocks.NewPublisher(t)
|
||||||
|
|
||||||
|
minRunners := 5
|
||||||
|
maxRunners := 10
|
||||||
|
metrics.On("PublishStatic", minRunners, maxRunners).Once()
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
Client: listenermocks.NewClient(t),
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics,
|
||||||
|
MinRunners: minRunners,
|
||||||
|
MaxRunners: maxRunners,
|
||||||
|
}
|
||||||
|
l, err := New(config)
|
||||||
|
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.NotNil(t, l)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("InitialMessageStatistics", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
|
||||||
|
sessionStatistics := &actions.RunnerScaleSetStatistic{
|
||||||
|
TotalAvailableJobs: 1,
|
||||||
|
TotalAcquiredJobs: 2,
|
||||||
|
TotalAssignedJobs: 3,
|
||||||
|
TotalRunningJobs: 4,
|
||||||
|
TotalRegisteredRunners: 5,
|
||||||
|
TotalBusyRunners: 6,
|
||||||
|
TotalIdleRunners: 7,
|
||||||
|
}
|
||||||
|
|
||||||
|
uuid := uuid.New()
|
||||||
|
session := &actions.RunnerScaleSetSession{
|
||||||
|
SessionId: &uuid,
|
||||||
|
OwnerName: "example",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "https://example.com",
|
||||||
|
MessageQueueAccessToken: "1234567890",
|
||||||
|
Statistics: sessionStatistics,
|
||||||
|
}
|
||||||
|
|
||||||
|
metrics := metricsmocks.NewPublisher(t)
|
||||||
|
metrics.On("PublishStatic", mock.Anything, mock.Anything).Once()
|
||||||
|
metrics.On("PublishStatistics", sessionStatistics).Once()
|
||||||
|
metrics.On("PublishDesiredRunners", sessionStatistics.TotalAssignedJobs).
|
||||||
|
Run(
|
||||||
|
func(mock.Arguments) {
|
||||||
|
cancel()
|
||||||
|
},
|
||||||
|
).Once()
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
Client: listenermocks.NewClient(t),
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics,
|
||||||
|
}
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("CreateMessageSession", mock.Anything, mock.Anything, mock.Anything).Return(session, nil).Once()
|
||||||
|
client.On("DeleteMessageSession", mock.Anything, session.RunnerScaleSet.Id, session.SessionId).Return(nil).Once()
|
||||||
|
config.Client = client
|
||||||
|
|
||||||
|
handler := listenermocks.NewHandler(t)
|
||||||
|
handler.On("HandleDesiredRunnerCount", mock.Anything, sessionStatistics.TotalAssignedJobs).
|
||||||
|
Return(sessionStatistics.TotalAssignedJobs, nil).
|
||||||
|
Once()
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
assert.NotNil(t, l)
|
||||||
|
|
||||||
|
assert.ErrorIs(t, context.Canceled, l.Listen(ctx, handler))
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestHandleMessageMetrics(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
msg := &actions.RunnerScaleSetMessage{
|
||||||
|
MessageId: 1,
|
||||||
|
MessageType: "RunnerScaleSetJobMessages",
|
||||||
|
Body: "",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{
|
||||||
|
TotalAvailableJobs: 1,
|
||||||
|
TotalAcquiredJobs: 2,
|
||||||
|
TotalAssignedJobs: 3,
|
||||||
|
TotalRunningJobs: 4,
|
||||||
|
TotalRegisteredRunners: 5,
|
||||||
|
TotalBusyRunners: 6,
|
||||||
|
TotalIdleRunners: 7,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
var batchedMessages []any
|
||||||
|
jobsStarted := []*actions.JobStarted{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobStarted,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 8,
|
||||||
|
},
|
||||||
|
RunnerId: 3,
|
||||||
|
RunnerName: "runner3",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsStarted {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
jobsCompleted := []*actions.JobCompleted{
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobCompleted,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 6,
|
||||||
|
},
|
||||||
|
Result: "success",
|
||||||
|
RunnerId: 1,
|
||||||
|
RunnerName: "runner1",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
JobMessageBase: actions.JobMessageBase{
|
||||||
|
JobMessageType: actions.JobMessageType{
|
||||||
|
MessageType: messageTypeJobCompleted,
|
||||||
|
},
|
||||||
|
RunnerRequestId: 7,
|
||||||
|
},
|
||||||
|
Result: "success",
|
||||||
|
RunnerId: 2,
|
||||||
|
RunnerName: "runner2",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, msg := range jobsCompleted {
|
||||||
|
batchedMessages = append(batchedMessages, msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := json.Marshal(batchedMessages)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
msg.Body = string(b)
|
||||||
|
|
||||||
|
desiredResult := 4
|
||||||
|
|
||||||
|
metrics := metricsmocks.NewPublisher(t)
|
||||||
|
metrics.On("PublishStatic", 0, 0).Once()
|
||||||
|
metrics.On("PublishStatistics", msg.Statistics).Once()
|
||||||
|
metrics.On("PublishJobCompleted", jobsCompleted[0]).Once()
|
||||||
|
metrics.On("PublishJobCompleted", jobsCompleted[1]).Once()
|
||||||
|
metrics.On("PublishJobStarted", jobsStarted[0]).Once()
|
||||||
|
metrics.On("PublishDesiredRunners", desiredResult).Once()
|
||||||
|
|
||||||
|
handler := listenermocks.NewHandler(t)
|
||||||
|
handler.On("HandleJobStarted", mock.Anything, jobsStarted[0]).Return(nil).Once()
|
||||||
|
handler.On("HandleDesiredRunnerCount", mock.Anything, mock.Anything).Return(desiredResult, nil).Once()
|
||||||
|
|
||||||
|
client := listenermocks.NewClient(t)
|
||||||
|
client.On("DeleteMessage", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil).Once()
|
||||||
|
|
||||||
|
config := Config{
|
||||||
|
Client: listenermocks.NewClient(t),
|
||||||
|
ScaleSetID: 1,
|
||||||
|
Metrics: metrics,
|
||||||
|
}
|
||||||
|
|
||||||
|
l, err := New(config)
|
||||||
|
require.NoError(t, err)
|
||||||
|
l.client = client
|
||||||
|
l.session = &actions.RunnerScaleSetSession{
|
||||||
|
OwnerName: "",
|
||||||
|
RunnerScaleSet: &actions.RunnerScaleSet{},
|
||||||
|
MessageQueueUrl: "",
|
||||||
|
MessageQueueAccessToken: "",
|
||||||
|
Statistics: &actions.RunnerScaleSetStatistic{},
|
||||||
|
}
|
||||||
|
|
||||||
|
err = l.handleMessage(context.Background(), handler, msg)
|
||||||
|
require.NoError(t, err)
|
||||||
|
}
|
||||||
190
cmd/ghalistener/listener/mocks/client.go
Normal file
190
cmd/ghalistener/listener/mocks/client.go
Normal file
@@ -0,0 +1,190 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
context "context"
|
||||||
|
|
||||||
|
actions "github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
|
||||||
|
uuid "github.com/google/uuid"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Client is an autogenerated mock type for the Client type
|
||||||
|
type Client struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// AcquireJobs provides a mock function with given fields: ctx, runnerScaleSetId, messageQueueAccessToken, requestIds
|
||||||
|
func (_m *Client) AcquireJobs(ctx context.Context, runnerScaleSetId int, messageQueueAccessToken string, requestIds []int64) ([]int64, error) {
|
||||||
|
ret := _m.Called(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
|
||||||
|
|
||||||
|
var r0 []int64
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, string, []int64) ([]int64, error)); ok {
|
||||||
|
return rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, string, []int64) []int64); ok {
|
||||||
|
r0 = rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).([]int64)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int, string, []int64) error); ok {
|
||||||
|
r1 = rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateMessageSession provides a mock function with given fields: ctx, runnerScaleSetId, owner
|
||||||
|
func (_m *Client) CreateMessageSession(ctx context.Context, runnerScaleSetId int, owner string) (*actions.RunnerScaleSetSession, error) {
|
||||||
|
ret := _m.Called(ctx, runnerScaleSetId, owner)
|
||||||
|
|
||||||
|
var r0 *actions.RunnerScaleSetSession
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, string) (*actions.RunnerScaleSetSession, error)); ok {
|
||||||
|
return rf(ctx, runnerScaleSetId, owner)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, string) *actions.RunnerScaleSetSession); ok {
|
||||||
|
r0 = rf(ctx, runnerScaleSetId, owner)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*actions.RunnerScaleSetSession)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int, string) error); ok {
|
||||||
|
r1 = rf(ctx, runnerScaleSetId, owner)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeleteMessage provides a mock function with given fields: ctx, messageQueueUrl, messageQueueAccessToken, messageId
|
||||||
|
func (_m *Client) DeleteMessage(ctx context.Context, messageQueueUrl string, messageQueueAccessToken string, messageId int64) error {
|
||||||
|
ret := _m.Called(ctx, messageQueueUrl, messageQueueAccessToken, messageId)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) error); ok {
|
||||||
|
r0 = rf(ctx, messageQueueUrl, messageQueueAccessToken, messageId)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeleteMessageSession provides a mock function with given fields: ctx, runnerScaleSetId, sessionId
|
||||||
|
func (_m *Client) DeleteMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) error {
|
||||||
|
ret := _m.Called(ctx, runnerScaleSetId, sessionId)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, *uuid.UUID) error); ok {
|
||||||
|
r0 = rf(ctx, runnerScaleSetId, sessionId)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAcquirableJobs provides a mock function with given fields: ctx, runnerScaleSetId
|
||||||
|
func (_m *Client) GetAcquirableJobs(ctx context.Context, runnerScaleSetId int) (*actions.AcquirableJobList, error) {
|
||||||
|
ret := _m.Called(ctx, runnerScaleSetId)
|
||||||
|
|
||||||
|
var r0 *actions.AcquirableJobList
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) (*actions.AcquirableJobList, error)); ok {
|
||||||
|
return rf(ctx, runnerScaleSetId)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) *actions.AcquirableJobList); ok {
|
||||||
|
r0 = rf(ctx, runnerScaleSetId)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*actions.AcquirableJobList)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int) error); ok {
|
||||||
|
r1 = rf(ctx, runnerScaleSetId)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetMessage provides a mock function with given fields: ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId
|
||||||
|
func (_m *Client) GetMessage(ctx context.Context, messageQueueUrl string, messageQueueAccessToken string, lastMessageId int64) (*actions.RunnerScaleSetMessage, error) {
|
||||||
|
ret := _m.Called(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
|
||||||
|
|
||||||
|
var r0 *actions.RunnerScaleSetMessage
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) (*actions.RunnerScaleSetMessage, error)); ok {
|
||||||
|
return rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) *actions.RunnerScaleSetMessage); ok {
|
||||||
|
r0 = rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*actions.RunnerScaleSetMessage)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, string, string, int64) error); ok {
|
||||||
|
r1 = rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// RefreshMessageSession provides a mock function with given fields: ctx, runnerScaleSetId, sessionId
|
||||||
|
func (_m *Client) RefreshMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) (*actions.RunnerScaleSetSession, error) {
|
||||||
|
ret := _m.Called(ctx, runnerScaleSetId, sessionId)
|
||||||
|
|
||||||
|
var r0 *actions.RunnerScaleSetSession
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, *uuid.UUID) (*actions.RunnerScaleSetSession, error)); ok {
|
||||||
|
return rf(ctx, runnerScaleSetId, sessionId)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int, *uuid.UUID) *actions.RunnerScaleSetSession); ok {
|
||||||
|
r0 = rf(ctx, runnerScaleSetId, sessionId)
|
||||||
|
} else {
|
||||||
|
if ret.Get(0) != nil {
|
||||||
|
r0 = ret.Get(0).(*actions.RunnerScaleSetSession)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int, *uuid.UUID) error); ok {
|
||||||
|
r1 = rf(ctx, runnerScaleSetId, sessionId)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewClient(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *Client {
|
||||||
|
mock := &Client{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
68
cmd/ghalistener/listener/mocks/handler.go
Normal file
68
cmd/ghalistener/listener/mocks/handler.go
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
context "context"
|
||||||
|
|
||||||
|
actions "github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Handler is an autogenerated mock type for the Handler type
|
||||||
|
type Handler struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleDesiredRunnerCount provides a mock function with given fields: ctx, count
|
||||||
|
func (_m *Handler) HandleDesiredRunnerCount(ctx context.Context, count int) (int, error) {
|
||||||
|
ret := _m.Called(ctx, count)
|
||||||
|
|
||||||
|
var r0 int
|
||||||
|
var r1 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) (int, error)); ok {
|
||||||
|
return rf(ctx, count)
|
||||||
|
}
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, int) int); ok {
|
||||||
|
r0 = rf(ctx, count)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Get(0).(int)
|
||||||
|
}
|
||||||
|
|
||||||
|
if rf, ok := ret.Get(1).(func(context.Context, int) error); ok {
|
||||||
|
r1 = rf(ctx, count)
|
||||||
|
} else {
|
||||||
|
r1 = ret.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0, r1
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleJobStarted provides a mock function with given fields: ctx, jobInfo
|
||||||
|
func (_m *Handler) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
|
||||||
|
ret := _m.Called(ctx, jobInfo)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context, *actions.JobStarted) error); ok {
|
||||||
|
r0 = rf(ctx, jobInfo)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewHandler creates a new instance of Handler. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewHandler(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *Handler {
|
||||||
|
mock := &Handler{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
40
cmd/ghalistener/main.go
Normal file
40
cmd/ghalistener/main.go
Normal file
@@ -0,0 +1,40 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"os/signal"
|
||||||
|
"syscall"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/app"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
configPath, ok := os.LookupEnv("LISTENER_CONFIG_PATH")
|
||||||
|
if !ok {
|
||||||
|
fmt.Fprintf(os.Stderr, "Error: LISTENER_CONFIG_PATH environment variable is not set\n")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
config, err := config.Read(configPath)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Failed to read config: %v", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
app, err := app.New(config)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Failed to initialize app: %v", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
||||||
|
defer stop()
|
||||||
|
|
||||||
|
if err := app.Run(ctx); err != nil {
|
||||||
|
log.Printf("Application returned an error: %v", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
}
|
||||||
387
cmd/ghalistener/metrics/metrics.go
Normal file
387
cmd/ghalistener/metrics/metrics.go
Normal file
@@ -0,0 +1,387 @@
|
|||||||
|
package metrics
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
labelKeyRunnerScaleSetName = "name"
|
||||||
|
labelKeyRunnerScaleSetNamespace = "namespace"
|
||||||
|
labelKeyEnterprise = "enterprise"
|
||||||
|
labelKeyOrganization = "organization"
|
||||||
|
labelKeyRepository = "repository"
|
||||||
|
labelKeyJobName = "job_name"
|
||||||
|
labelKeyJobWorkflowRef = "job_workflow_ref"
|
||||||
|
labelKeyEventName = "event_name"
|
||||||
|
labelKeyJobResult = "job_result"
|
||||||
|
labelKeyRunnerID = "runner_id"
|
||||||
|
labelKeyRunnerName = "runner_name"
|
||||||
|
)
|
||||||
|
|
||||||
|
const githubScaleSetSubsystem = "gha"
|
||||||
|
|
||||||
|
// labels
|
||||||
|
var (
|
||||||
|
scaleSetLabels = []string{
|
||||||
|
labelKeyRunnerScaleSetName,
|
||||||
|
labelKeyRepository,
|
||||||
|
labelKeyOrganization,
|
||||||
|
labelKeyEnterprise,
|
||||||
|
labelKeyRunnerScaleSetNamespace,
|
||||||
|
}
|
||||||
|
|
||||||
|
jobLabels = []string{
|
||||||
|
labelKeyRepository,
|
||||||
|
labelKeyOrganization,
|
||||||
|
labelKeyEnterprise,
|
||||||
|
labelKeyJobName,
|
||||||
|
labelKeyJobWorkflowRef,
|
||||||
|
labelKeyEventName,
|
||||||
|
}
|
||||||
|
|
||||||
|
completedJobsTotalLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
|
||||||
|
jobExecutionDurationLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
|
||||||
|
startedJobsTotalLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
|
||||||
|
jobStartupDurationLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
assignedJobs = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "assigned_jobs",
|
||||||
|
Help: "Number of jobs assigned to this scale set.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
runningJobs = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "running_jobs",
|
||||||
|
Help: "Number of jobs running (or about to be run).",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
registeredRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "registered_runners",
|
||||||
|
Help: "Number of runners registered by the scale set.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
busyRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "busy_runners",
|
||||||
|
Help: "Number of registered runners running a job.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
minRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "min_runners",
|
||||||
|
Help: "Minimum number of runners.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
maxRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "max_runners",
|
||||||
|
Help: "Maximum number of runners.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
desiredRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "desired_runners",
|
||||||
|
Help: "Number of runners desired by the scale set.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
idleRunners = prometheus.NewGaugeVec(
|
||||||
|
prometheus.GaugeOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "idle_runners",
|
||||||
|
Help: "Number of registered runners not running a job.",
|
||||||
|
},
|
||||||
|
scaleSetLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
startedJobsTotal = prometheus.NewCounterVec(
|
||||||
|
prometheus.CounterOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "started_jobs_total",
|
||||||
|
Help: "Total number of jobs started.",
|
||||||
|
},
|
||||||
|
startedJobsTotalLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
completedJobsTotal = prometheus.NewCounterVec(
|
||||||
|
prometheus.CounterOpts{
|
||||||
|
Name: "completed_jobs_total",
|
||||||
|
Help: "Total number of jobs completed.",
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
},
|
||||||
|
completedJobsTotalLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
jobStartupDurationSeconds = prometheus.NewHistogramVec(
|
||||||
|
prometheus.HistogramOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "job_startup_duration_seconds",
|
||||||
|
Help: "Time spent waiting for workflow job to get started on the runner owned by the scale set (in seconds).",
|
||||||
|
Buckets: runtimeBuckets,
|
||||||
|
},
|
||||||
|
jobStartupDurationLabels,
|
||||||
|
)
|
||||||
|
|
||||||
|
jobExecutionDurationSeconds = prometheus.NewHistogramVec(
|
||||||
|
prometheus.HistogramOpts{
|
||||||
|
Subsystem: githubScaleSetSubsystem,
|
||||||
|
Name: "job_execution_duration_seconds",
|
||||||
|
Help: "Time spent executing workflow jobs by the scale set (in seconds).",
|
||||||
|
Buckets: runtimeBuckets,
|
||||||
|
},
|
||||||
|
jobExecutionDurationLabels,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
var runtimeBuckets []float64 = []float64{
|
||||||
|
0.01,
|
||||||
|
0.05,
|
||||||
|
0.1,
|
||||||
|
0.5,
|
||||||
|
1,
|
||||||
|
2,
|
||||||
|
3,
|
||||||
|
4,
|
||||||
|
5,
|
||||||
|
6,
|
||||||
|
7,
|
||||||
|
8,
|
||||||
|
9,
|
||||||
|
10,
|
||||||
|
12,
|
||||||
|
15,
|
||||||
|
18,
|
||||||
|
20,
|
||||||
|
25,
|
||||||
|
30,
|
||||||
|
40,
|
||||||
|
50,
|
||||||
|
60,
|
||||||
|
70,
|
||||||
|
80,
|
||||||
|
90,
|
||||||
|
100,
|
||||||
|
110,
|
||||||
|
120,
|
||||||
|
150,
|
||||||
|
180,
|
||||||
|
210,
|
||||||
|
240,
|
||||||
|
300,
|
||||||
|
360,
|
||||||
|
420,
|
||||||
|
480,
|
||||||
|
540,
|
||||||
|
600,
|
||||||
|
900,
|
||||||
|
1200,
|
||||||
|
1800,
|
||||||
|
2400,
|
||||||
|
3000,
|
||||||
|
3600,
|
||||||
|
}
|
||||||
|
|
||||||
|
type baseLabels struct {
|
||||||
|
scaleSetName string
|
||||||
|
scaleSetNamespace string
|
||||||
|
enterprise string
|
||||||
|
organization string
|
||||||
|
repository string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *baseLabels) jobLabels(jobBase *actions.JobMessageBase) prometheus.Labels {
|
||||||
|
return prometheus.Labels{
|
||||||
|
labelKeyEnterprise: b.enterprise,
|
||||||
|
labelKeyOrganization: b.organization,
|
||||||
|
labelKeyRepository: b.repository,
|
||||||
|
labelKeyJobName: jobBase.JobDisplayName,
|
||||||
|
labelKeyJobWorkflowRef: jobBase.JobWorkflowRef,
|
||||||
|
labelKeyEventName: jobBase.EventName,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *baseLabels) scaleSetLabels() prometheus.Labels {
|
||||||
|
return prometheus.Labels{
|
||||||
|
labelKeyRunnerScaleSetName: b.scaleSetName,
|
||||||
|
labelKeyRunnerScaleSetNamespace: b.scaleSetNamespace,
|
||||||
|
labelKeyEnterprise: b.enterprise,
|
||||||
|
labelKeyOrganization: b.organization,
|
||||||
|
labelKeyRepository: b.repository,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *baseLabels) completedJobLabels(msg *actions.JobCompleted) prometheus.Labels {
|
||||||
|
l := b.jobLabels(&msg.JobMessageBase)
|
||||||
|
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
|
||||||
|
l[labelKeyJobResult] = msg.Result
|
||||||
|
l[labelKeyRunnerName] = msg.RunnerName
|
||||||
|
return l
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *baseLabels) startedJobLabels(msg *actions.JobStarted) prometheus.Labels {
|
||||||
|
l := b.jobLabels(&msg.JobMessageBase)
|
||||||
|
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
|
||||||
|
l[labelKeyRunnerName] = msg.RunnerName
|
||||||
|
return l
|
||||||
|
}
|
||||||
|
|
||||||
|
//go:generate mockery --name Publisher --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type Publisher interface {
|
||||||
|
PublishStatic(min, max int)
|
||||||
|
PublishStatistics(stats *actions.RunnerScaleSetStatistic)
|
||||||
|
PublishJobStarted(msg *actions.JobStarted)
|
||||||
|
PublishJobCompleted(msg *actions.JobCompleted)
|
||||||
|
PublishDesiredRunners(count int)
|
||||||
|
}
|
||||||
|
|
||||||
|
//go:generate mockery --name ServerPublisher --output ./mocks --outpkg mocks --case underscore
|
||||||
|
type ServerPublisher interface {
|
||||||
|
Publisher
|
||||||
|
ListenAndServe(ctx context.Context) error
|
||||||
|
}
|
||||||
|
|
||||||
|
var _ Publisher = &discard{}
|
||||||
|
var _ ServerPublisher = &exporter{}
|
||||||
|
|
||||||
|
var Discard Publisher = &discard{}
|
||||||
|
|
||||||
|
type exporter struct {
|
||||||
|
logger logr.Logger
|
||||||
|
baseLabels
|
||||||
|
srv *http.Server
|
||||||
|
}
|
||||||
|
|
||||||
|
type ExporterConfig struct {
|
||||||
|
ScaleSetName string
|
||||||
|
ScaleSetNamespace string
|
||||||
|
Enterprise string
|
||||||
|
Organization string
|
||||||
|
Repository string
|
||||||
|
ServerAddr string
|
||||||
|
ServerEndpoint string
|
||||||
|
Logger logr.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewExporter(config ExporterConfig) ServerPublisher {
|
||||||
|
reg := prometheus.NewRegistry()
|
||||||
|
reg.MustRegister(
|
||||||
|
assignedJobs,
|
||||||
|
runningJobs,
|
||||||
|
registeredRunners,
|
||||||
|
busyRunners,
|
||||||
|
minRunners,
|
||||||
|
maxRunners,
|
||||||
|
desiredRunners,
|
||||||
|
idleRunners,
|
||||||
|
startedJobsTotal,
|
||||||
|
completedJobsTotal,
|
||||||
|
jobStartupDurationSeconds,
|
||||||
|
jobExecutionDurationSeconds,
|
||||||
|
)
|
||||||
|
|
||||||
|
mux := http.NewServeMux()
|
||||||
|
mux.Handle(
|
||||||
|
config.ServerEndpoint,
|
||||||
|
promhttp.HandlerFor(reg, promhttp.HandlerOpts{Registry: reg}),
|
||||||
|
)
|
||||||
|
|
||||||
|
return &exporter{
|
||||||
|
logger: config.Logger.WithName("metrics"),
|
||||||
|
baseLabels: baseLabels{
|
||||||
|
scaleSetName: config.ScaleSetName,
|
||||||
|
scaleSetNamespace: config.ScaleSetNamespace,
|
||||||
|
enterprise: config.Enterprise,
|
||||||
|
organization: config.Organization,
|
||||||
|
repository: config.Repository,
|
||||||
|
},
|
||||||
|
srv: &http.Server{
|
||||||
|
Addr: config.ServerAddr,
|
||||||
|
Handler: mux,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *exporter) ListenAndServe(ctx context.Context) error {
|
||||||
|
e.logger.Info("starting metrics server", "addr", e.srv.Addr)
|
||||||
|
go func() {
|
||||||
|
<-ctx.Done()
|
||||||
|
e.logger.Info("stopping metrics server")
|
||||||
|
e.srv.Shutdown(ctx)
|
||||||
|
}()
|
||||||
|
return e.srv.ListenAndServe()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *exporter) PublishStatic(min, max int) {
|
||||||
|
l := m.scaleSetLabels()
|
||||||
|
maxRunners.With(l).Set(float64(max))
|
||||||
|
minRunners.With(l).Set(float64(min))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *exporter) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
|
||||||
|
l := e.scaleSetLabels()
|
||||||
|
|
||||||
|
assignedJobs.With(l).Set(float64(stats.TotalAssignedJobs))
|
||||||
|
runningJobs.With(l).Set(float64(stats.TotalRunningJobs))
|
||||||
|
registeredRunners.With(l).Set(float64(stats.TotalRegisteredRunners))
|
||||||
|
busyRunners.With(l).Set(float64(stats.TotalBusyRunners))
|
||||||
|
idleRunners.With(l).Set(float64(stats.TotalIdleRunners))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *exporter) PublishJobStarted(msg *actions.JobStarted) {
|
||||||
|
l := e.startedJobLabels(msg)
|
||||||
|
startedJobsTotal.With(l).Inc()
|
||||||
|
|
||||||
|
startupDuration := msg.JobMessageBase.RunnerAssignTime.Unix() - msg.JobMessageBase.ScaleSetAssignTime.Unix()
|
||||||
|
jobStartupDurationSeconds.With(l).Observe(float64(startupDuration))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *exporter) PublishJobCompleted(msg *actions.JobCompleted) {
|
||||||
|
l := e.completedJobLabels(msg)
|
||||||
|
completedJobsTotal.With(l).Inc()
|
||||||
|
|
||||||
|
executionDuration := msg.JobMessageBase.FinishTime.Unix() - msg.JobMessageBase.RunnerAssignTime.Unix()
|
||||||
|
jobExecutionDurationSeconds.With(l).Observe(float64(executionDuration))
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *exporter) PublishDesiredRunners(count int) {
|
||||||
|
desiredRunners.With(m.scaleSetLabels()).Set(float64(count))
|
||||||
|
}
|
||||||
|
|
||||||
|
type discard struct{}
|
||||||
|
|
||||||
|
func (*discard) PublishStatic(int, int) {}
|
||||||
|
func (*discard) PublishStatistics(*actions.RunnerScaleSetStatistic) {}
|
||||||
|
func (*discard) PublishJobStarted(*actions.JobStarted) {}
|
||||||
|
func (*discard) PublishJobCompleted(*actions.JobCompleted) {}
|
||||||
|
func (*discard) PublishDesiredRunners(int) {}
|
||||||
53
cmd/ghalistener/metrics/mocks/publisher.go
Normal file
53
cmd/ghalistener/metrics/mocks/publisher.go
Normal file
@@ -0,0 +1,53 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
actions "github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Publisher is an autogenerated mock type for the Publisher type
|
||||||
|
type Publisher struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishDesiredRunners provides a mock function with given fields: count
|
||||||
|
func (_m *Publisher) PublishDesiredRunners(count int) {
|
||||||
|
_m.Called(count)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishJobCompleted provides a mock function with given fields: msg
|
||||||
|
func (_m *Publisher) PublishJobCompleted(msg *actions.JobCompleted) {
|
||||||
|
_m.Called(msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishJobStarted provides a mock function with given fields: msg
|
||||||
|
func (_m *Publisher) PublishJobStarted(msg *actions.JobStarted) {
|
||||||
|
_m.Called(msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishStatic provides a mock function with given fields: min, max
|
||||||
|
func (_m *Publisher) PublishStatic(min int, max int) {
|
||||||
|
_m.Called(min, max)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishStatistics provides a mock function with given fields: stats
|
||||||
|
func (_m *Publisher) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
|
||||||
|
_m.Called(stats)
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewPublisher creates a new instance of Publisher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewPublisher(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *Publisher {
|
||||||
|
mock := &Publisher{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
69
cmd/ghalistener/metrics/mocks/server_publisher.go
Normal file
69
cmd/ghalistener/metrics/mocks/server_publisher.go
Normal file
@@ -0,0 +1,69 @@
|
|||||||
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
|
package mocks
|
||||||
|
|
||||||
|
import (
|
||||||
|
context "context"
|
||||||
|
|
||||||
|
actions "github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
|
||||||
|
mock "github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ServerPublisher is an autogenerated mock type for the ServerPublisher type
|
||||||
|
type ServerPublisher struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
// ListenAndServe provides a mock function with given fields: ctx
|
||||||
|
func (_m *ServerPublisher) ListenAndServe(ctx context.Context) error {
|
||||||
|
ret := _m.Called(ctx)
|
||||||
|
|
||||||
|
var r0 error
|
||||||
|
if rf, ok := ret.Get(0).(func(context.Context) error); ok {
|
||||||
|
r0 = rf(ctx)
|
||||||
|
} else {
|
||||||
|
r0 = ret.Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
return r0
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishDesiredRunners provides a mock function with given fields: count
|
||||||
|
func (_m *ServerPublisher) PublishDesiredRunners(count int) {
|
||||||
|
_m.Called(count)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishJobCompleted provides a mock function with given fields: msg
|
||||||
|
func (_m *ServerPublisher) PublishJobCompleted(msg *actions.JobCompleted) {
|
||||||
|
_m.Called(msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishJobStarted provides a mock function with given fields: msg
|
||||||
|
func (_m *ServerPublisher) PublishJobStarted(msg *actions.JobStarted) {
|
||||||
|
_m.Called(msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishStatic provides a mock function with given fields: min, max
|
||||||
|
func (_m *ServerPublisher) PublishStatic(min int, max int) {
|
||||||
|
_m.Called(min, max)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PublishStatistics provides a mock function with given fields: stats
|
||||||
|
func (_m *ServerPublisher) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
|
||||||
|
_m.Called(stats)
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewServerPublisher creates a new instance of ServerPublisher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||||
|
// The first argument is typically a *testing.T value.
|
||||||
|
func NewServerPublisher(t interface {
|
||||||
|
mock.TestingT
|
||||||
|
Cleanup(func())
|
||||||
|
}) *ServerPublisher {
|
||||||
|
mock := &ServerPublisher{}
|
||||||
|
mock.Mock.Test(t)
|
||||||
|
|
||||||
|
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||||
|
|
||||||
|
return mock
|
||||||
|
}
|
||||||
234
cmd/ghalistener/worker/worker.go
Normal file
234
cmd/ghalistener/worker/worker.go
Normal file
@@ -0,0 +1,234 @@
|
|||||||
|
package worker
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
|
||||||
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
|
"github.com/actions/actions-runner-controller/logging"
|
||||||
|
jsonpatch "github.com/evanphx/json-patch"
|
||||||
|
"github.com/go-logr/logr"
|
||||||
|
kerrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
|
"k8s.io/apimachinery/pkg/types"
|
||||||
|
"k8s.io/client-go/kubernetes"
|
||||||
|
"k8s.io/client-go/rest"
|
||||||
|
)
|
||||||
|
|
||||||
|
const workerName = "kubernetesworker"
|
||||||
|
|
||||||
|
type Option func(*Worker)
|
||||||
|
|
||||||
|
func WithLogger(logger logr.Logger) Option {
|
||||||
|
return func(w *Worker) {
|
||||||
|
logger = logger.WithName(workerName)
|
||||||
|
w.logger = &logger
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
EphemeralRunnerSetNamespace string
|
||||||
|
EphemeralRunnerSetName string
|
||||||
|
MaxRunners int
|
||||||
|
MinRunners int
|
||||||
|
}
|
||||||
|
|
||||||
|
// The Worker's role is to process the messages it receives from the listener.
|
||||||
|
// It then initiates Kubernetes API requests to carry out the necessary actions.
|
||||||
|
type Worker struct {
|
||||||
|
clientset *kubernetes.Clientset
|
||||||
|
config Config
|
||||||
|
lastPatch int
|
||||||
|
logger *logr.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
var _ listener.Handler = (*Worker)(nil)
|
||||||
|
|
||||||
|
func New(config Config, options ...Option) (*Worker, error) {
|
||||||
|
w := &Worker{
|
||||||
|
config: config,
|
||||||
|
lastPatch: -1,
|
||||||
|
}
|
||||||
|
|
||||||
|
conf, err := rest.InClusterConfig()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
clientset, err := kubernetes.NewForConfig(conf)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
w.clientset = clientset
|
||||||
|
|
||||||
|
for _, option := range options {
|
||||||
|
option(w)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := w.applyDefaults(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return w, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (w *Worker) applyDefaults() error {
|
||||||
|
if w.logger == nil {
|
||||||
|
logger, err := logging.NewLogger(logging.LogLevelDebug, logging.LogFormatJSON)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("NewLogger failed: %w", err)
|
||||||
|
}
|
||||||
|
logger = logger.WithName(workerName)
|
||||||
|
w.logger = &logger
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleJobStarted updates the job information for the ephemeral runner when a job is started.
|
||||||
|
// It takes a context and a jobInfo parameter which contains the details of the started job.
|
||||||
|
// This update marks the ephemeral runner so that the controller would have more context
|
||||||
|
// about the ephemeral runner that should not be deleted when scaling down.
|
||||||
|
// It returns an error if there is any issue with updating the job information.
|
||||||
|
func (w *Worker) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
|
||||||
|
w.logger.Info("Updating job info for the runner",
|
||||||
|
"runnerName", jobInfo.RunnerName,
|
||||||
|
"ownerName", jobInfo.OwnerName,
|
||||||
|
"repoName", jobInfo.RepositoryName,
|
||||||
|
"workflowRef", jobInfo.JobWorkflowRef,
|
||||||
|
"workflowRunId", jobInfo.WorkflowRunId,
|
||||||
|
"jobDisplayName", jobInfo.JobDisplayName,
|
||||||
|
"requestId", jobInfo.RunnerRequestId)
|
||||||
|
|
||||||
|
original, err := json.Marshal(&v1alpha1.EphemeralRunner{})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to marshal empty ephemeral runner: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
patch, err := json.Marshal(
|
||||||
|
&v1alpha1.EphemeralRunner{
|
||||||
|
Status: v1alpha1.EphemeralRunnerStatus{
|
||||||
|
JobRequestId: jobInfo.RunnerRequestId,
|
||||||
|
JobRepositoryName: fmt.Sprintf("%s/%s", jobInfo.OwnerName, jobInfo.RepositoryName),
|
||||||
|
WorkflowRunId: jobInfo.WorkflowRunId,
|
||||||
|
JobWorkflowRef: jobInfo.JobWorkflowRef,
|
||||||
|
JobDisplayName: jobInfo.JobDisplayName,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to marshal ephemeral runner patch: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
mergePatch, err := jsonpatch.CreateMergePatch(original, patch)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to create merge patch json for ephemeral runner: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
w.logger.Info("Updating ephemeral runner with merge patch", "json", string(mergePatch))
|
||||||
|
|
||||||
|
patchedStatus := &v1alpha1.EphemeralRunner{}
|
||||||
|
err = w.clientset.RESTClient().
|
||||||
|
Patch(types.MergePatchType).
|
||||||
|
Prefix("apis", v1alpha1.GroupVersion.Group, v1alpha1.GroupVersion.Version).
|
||||||
|
Namespace(w.config.EphemeralRunnerSetNamespace).
|
||||||
|
Resource("EphemeralRunners").
|
||||||
|
Name(jobInfo.RunnerName).
|
||||||
|
SubResource("status").
|
||||||
|
Body(mergePatch).
|
||||||
|
Do(ctx).
|
||||||
|
Into(patchedStatus)
|
||||||
|
if err != nil {
|
||||||
|
if kerrors.IsNotFound(err) {
|
||||||
|
w.logger.Info("Ephemeral runner not found, skipping patching of ephemeral runner status", "runnerName", jobInfo.RunnerName)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return fmt.Errorf("could not patch ephemeral runner status, patch JSON: %s, error: %w", string(mergePatch), err)
|
||||||
|
}
|
||||||
|
|
||||||
|
w.logger.Info("Ephemeral runner status updated with the merge patch successfully.")
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleDesiredRunnerCount handles the desired runner count by scaling the ephemeral runner set.
|
||||||
|
// The function calculates the target runner count based on the minimum and maximum runner count configuration.
|
||||||
|
// If the target runner count is the same as the last patched count, it skips patching and returns nil.
|
||||||
|
// Otherwise, it creates a merge patch JSON for updating the ephemeral runner set with the desired count.
|
||||||
|
// The function then scales the ephemeral runner set by applying the merge patch.
|
||||||
|
// Finally, it logs the scaled ephemeral runner set details and returns nil if successful.
|
||||||
|
// If any error occurs during the process, it returns an error with a descriptive message.
|
||||||
|
func (w *Worker) HandleDesiredRunnerCount(ctx context.Context, count int) (int, error) {
|
||||||
|
// Max runners should always be set by the resource builder either to the configured value,
|
||||||
|
// or the maximum int32 (resourcebuilder.newAutoScalingListener()).
|
||||||
|
targetRunnerCount := min(w.config.MinRunners+count, w.config.MaxRunners)
|
||||||
|
|
||||||
|
logValues := []any{
|
||||||
|
"assigned job", count,
|
||||||
|
"decision", targetRunnerCount,
|
||||||
|
"min", w.config.MinRunners,
|
||||||
|
"max", w.config.MaxRunners,
|
||||||
|
"currentRunnerCount", w.lastPatch,
|
||||||
|
}
|
||||||
|
|
||||||
|
if targetRunnerCount == w.lastPatch {
|
||||||
|
w.logger.Info("Skipping patching of EphemeralRunnerSet as the desired count has not changed", logValues...)
|
||||||
|
return targetRunnerCount, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
original, err := json.Marshal(
|
||||||
|
&v1alpha1.EphemeralRunnerSet{
|
||||||
|
Spec: v1alpha1.EphemeralRunnerSetSpec{
|
||||||
|
Replicas: -1,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("failed to marshal empty ephemeral runner set: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
patch, err := json.Marshal(
|
||||||
|
&v1alpha1.EphemeralRunnerSet{
|
||||||
|
Spec: v1alpha1.EphemeralRunnerSetSpec{
|
||||||
|
Replicas: targetRunnerCount,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
w.logger.Error(err, "could not marshal patch ephemeral runner set")
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
|
||||||
|
mergePatch, err := jsonpatch.CreateMergePatch(original, patch)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("failed to create merge patch json for ephemeral runner set: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
w.logger.Info("Created merge patch json for EphemeralRunnerSet update", "json", string(mergePatch))
|
||||||
|
|
||||||
|
w.logger.Info("Scaling ephemeral runner set", logValues...)
|
||||||
|
|
||||||
|
patchedEphemeralRunnerSet := &v1alpha1.EphemeralRunnerSet{}
|
||||||
|
err = w.clientset.RESTClient().
|
||||||
|
Patch(types.MergePatchType).
|
||||||
|
Prefix("apis", v1alpha1.GroupVersion.Group, v1alpha1.GroupVersion.Version).
|
||||||
|
Namespace(w.config.EphemeralRunnerSetNamespace).
|
||||||
|
Resource("ephemeralrunnersets").
|
||||||
|
Name(w.config.EphemeralRunnerSetName).
|
||||||
|
Body([]byte(mergePatch)).
|
||||||
|
Do(ctx).
|
||||||
|
Into(patchedEphemeralRunnerSet)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("could not patch ephemeral runner set , patch JSON: %s, error: %w", string(mergePatch), err)
|
||||||
|
}
|
||||||
|
|
||||||
|
w.logger.Info("Ephemeral runner set scaled.",
|
||||||
|
"namespace", w.config.EphemeralRunnerSetNamespace,
|
||||||
|
"name", w.config.EphemeralRunnerSetName,
|
||||||
|
"replicas", patchedEphemeralRunnerSet.Spec.Replicas,
|
||||||
|
)
|
||||||
|
return targetRunnerCount, nil
|
||||||
|
}
|
||||||
@@ -5,9 +5,9 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
|
||||||
"github.com/actions/actions-runner-controller/github/actions"
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
)
|
)
|
||||||
@@ -30,7 +30,7 @@ type Service struct {
|
|||||||
errs []error
|
errs []error
|
||||||
}
|
}
|
||||||
|
|
||||||
func WithPrometheusMetrics(conf RunnerScaleSetListenerConfig) func(*Service) {
|
func WithPrometheusMetrics(conf config.Config) func(*Service) {
|
||||||
return func(svc *Service) {
|
return func(svc *Service) {
|
||||||
parsedURL, err := actions.ParseGitHubConfigFromURL(conf.ConfigureUrl)
|
parsedURL, err := actions.ParseGitHubConfigFromURL(conf.ConfigureUrl)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -81,6 +81,7 @@ func NewService(
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) Start() error {
|
func (s *Service) Start() error {
|
||||||
|
s.metricsExporter.publishStatic(s.settings.MaxRunners, s.settings.MinRunners)
|
||||||
for {
|
for {
|
||||||
s.logger.Info("waiting for message...")
|
s.logger.Info("waiting for message...")
|
||||||
select {
|
select {
|
||||||
@@ -204,7 +205,9 @@ func (s *Service) processMessage(message *actions.RunnerScaleSetMessage) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Service) scaleForAssignedJobCount(count int) error {
|
func (s *Service) scaleForAssignedJobCount(count int) error {
|
||||||
targetRunnerCount := int(math.Max(math.Min(float64(s.settings.MaxRunners), float64(count)), float64(s.settings.MinRunners)))
|
// Max runners should always be set by the resource builder either to the configured value,
|
||||||
|
// or the maximum int32 (resourcebuilder.newAutoScalingListener()).
|
||||||
|
targetRunnerCount := min(s.settings.MinRunners+count, s.settings.MaxRunners)
|
||||||
s.metricsExporter.publishDesiredRunners(targetRunnerCount)
|
s.metricsExporter.publishDesiredRunners(targetRunnerCount)
|
||||||
if targetRunnerCount != s.currentRunnerCount {
|
if targetRunnerCount != s.currentRunnerCount {
|
||||||
s.logger.Info("try scale runner request up/down base on assigned job count",
|
s.logger.Info("try scale runner request up/down base on assigned job count",
|
||||||
|
|||||||
@@ -397,7 +397,7 @@ func TestProcessMessage_MultipleMessages(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 3 && ids[1] == 4 })).Return(nil).Once()
|
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 3 && ids[1] == 4 })).Return(nil).Once()
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
|
||||||
|
|
||||||
err = service.processMessage(&actions.RunnerScaleSetMessage{
|
err = service.processMessage(&actions.RunnerScaleSetMessage{
|
||||||
MessageId: 1,
|
MessageId: 1,
|
||||||
@@ -523,9 +523,9 @@ func TestScaleForAssignedJobCount_ScaleWithinMinMax(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once()
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 4).Return(nil).Once()
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil).Once()
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
|
||||||
|
|
||||||
err = service.scaleForAssignedJobCount(0)
|
err = service.scaleForAssignedJobCount(0)
|
||||||
@@ -569,7 +569,7 @@ func TestScaleForAssignedJobCount_ScaleFailed(t *testing.T) {
|
|||||||
)
|
)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(fmt.Errorf("error"))
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Return(fmt.Errorf("error"))
|
||||||
|
|
||||||
err = service.scaleForAssignedJobCount(2)
|
err = service.scaleForAssignedJobCount(2)
|
||||||
|
|
||||||
@@ -605,8 +605,23 @@ func TestProcessMessage_JobStartedMessage(t *testing.T) {
|
|||||||
|
|
||||||
service.currentRunnerCount = 1
|
service.currentRunnerCount = 1
|
||||||
|
|
||||||
mockKubeManager.On("UpdateEphemeralRunnerWithJobInfo", ctx, service.settings.Namespace, "runner1", "owner1", "repo1", ".github/workflows/ci.yaml", "job1", int64(100), int64(3)).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
|
mockKubeManager.On(
|
||||||
|
"UpdateEphemeralRunnerWithJobInfo",
|
||||||
|
ctx,
|
||||||
|
service.settings.Namespace,
|
||||||
|
"runner1",
|
||||||
|
"owner1",
|
||||||
|
"repo1",
|
||||||
|
".github/workflows/ci.yaml",
|
||||||
|
"job1",
|
||||||
|
int64(100),
|
||||||
|
int64(3),
|
||||||
|
).Run(
|
||||||
|
func(_ mock.Arguments) { cancel() },
|
||||||
|
).Return(nil).Once()
|
||||||
|
|
||||||
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once()
|
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once()
|
||||||
|
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil)
|
||||||
|
|
||||||
err = service.processMessage(&actions.RunnerScaleSetMessage{
|
err = service.processMessage(&actions.RunnerScaleSetMessage{
|
||||||
MessageId: 1,
|
MessageId: 1,
|
||||||
|
|||||||
76
cmd/githubrunnerscalesetlistener/config/config.go
Normal file
76
cmd/githubrunnerscalesetlistener/config/config.go
Normal file
@@ -0,0 +1,76 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
ConfigureUrl string `json:"configureUrl"`
|
||||||
|
AppID int64 `json:"appID"`
|
||||||
|
AppInstallationID int64 `json:"appInstallationID"`
|
||||||
|
AppPrivateKey string `json:"appPrivateKey"`
|
||||||
|
Token string `json:"token"`
|
||||||
|
EphemeralRunnerSetNamespace string `json:"ephemeralRunnerSetNamespace"`
|
||||||
|
EphemeralRunnerSetName string `json:"ephemeralRunnerSetName"`
|
||||||
|
MaxRunners int `json:"maxRunners"`
|
||||||
|
MinRunners int `json:"minRunners"`
|
||||||
|
RunnerScaleSetId int `json:"runnerScaleSetId"`
|
||||||
|
RunnerScaleSetName string `json:"runnerScaleSetName"`
|
||||||
|
ServerRootCA string `json:"serverRootCA"`
|
||||||
|
LogLevel string `json:"logLevel"`
|
||||||
|
LogFormat string `json:"logFormat"`
|
||||||
|
MetricsAddr string `json:"metricsAddr"`
|
||||||
|
MetricsEndpoint string `json:"metricsEndpoint"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func Read(path string) (Config, error) {
|
||||||
|
f, err := os.Open(path)
|
||||||
|
if err != nil {
|
||||||
|
return Config{}, err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
var config Config
|
||||||
|
if err := json.NewDecoder(f).Decode(&config); err != nil {
|
||||||
|
return Config{}, fmt.Errorf("failed to decode config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := config.validate(); err != nil {
|
||||||
|
return Config{}, fmt.Errorf("failed to validate config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return config, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) validate() error {
|
||||||
|
if len(c.ConfigureUrl) == 0 {
|
||||||
|
return fmt.Errorf("GitHubConfigUrl is not provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(c.EphemeralRunnerSetNamespace) == 0 || len(c.EphemeralRunnerSetName) == 0 {
|
||||||
|
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", c.EphemeralRunnerSetNamespace, c.EphemeralRunnerSetName)
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.RunnerScaleSetId == 0 {
|
||||||
|
return fmt.Errorf("RunnerScaleSetId '%d' is missing", c.RunnerScaleSetId)
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.MaxRunners < c.MinRunners {
|
||||||
|
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", c.MinRunners, c.MaxRunners)
|
||||||
|
}
|
||||||
|
|
||||||
|
hasToken := len(c.Token) > 0
|
||||||
|
hasPrivateKeyConfig := c.AppID > 0 && c.AppPrivateKey != ""
|
||||||
|
|
||||||
|
if !hasToken && !hasPrivateKeyConfig {
|
||||||
|
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
|
||||||
|
}
|
||||||
|
|
||||||
|
if hasToken && hasPrivateKeyConfig {
|
||||||
|
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
92
cmd/githubrunnerscalesetlistener/config/config_test.go
Normal file
92
cmd/githubrunnerscalesetlistener/config/config_test.go
Normal file
@@ -0,0 +1,92 @@
|
|||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestConfigValidationMinMax(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
MinRunners: 5,
|
||||||
|
MaxRunners: 2,
|
||||||
|
Token: "token",
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationMissingToken(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationAppKey(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
AppID: 1,
|
||||||
|
AppInstallationID: 10,
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
AppID: 1,
|
||||||
|
AppInstallationID: 10,
|
||||||
|
AppPrivateKey: "asdf",
|
||||||
|
Token: "asdf",
|
||||||
|
ConfigureUrl: "github.com/some_org/some_repo",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
err := config.validate()
|
||||||
|
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
||||||
|
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidation(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
ConfigureUrl: "https://github.com/actions",
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
MinRunners: 1,
|
||||||
|
MaxRunners: 5,
|
||||||
|
Token: "asdf",
|
||||||
|
}
|
||||||
|
|
||||||
|
err := config.validate()
|
||||||
|
|
||||||
|
assert.NoError(t, err, "Expected no error")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestConfigValidationConfigUrl(t *testing.T) {
|
||||||
|
config := &Config{
|
||||||
|
EphemeralRunnerSetNamespace: "namespace",
|
||||||
|
EphemeralRunnerSetName: "deployment",
|
||||||
|
RunnerScaleSetId: 1,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := config.validate()
|
||||||
|
|
||||||
|
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
|
||||||
|
}
|
||||||
@@ -28,39 +28,26 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/actions/actions-runner-controller/build"
|
"github.com/actions/actions-runner-controller/build"
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
|
||||||
"github.com/actions/actions-runner-controller/github/actions"
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
"github.com/actions/actions-runner-controller/logging"
|
"github.com/actions/actions-runner-controller/logging"
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
"github.com/kelseyhightower/envconfig"
|
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
"golang.org/x/net/http/httpproxy"
|
"golang.org/x/net/http/httpproxy"
|
||||||
"golang.org/x/sync/errgroup"
|
"golang.org/x/sync/errgroup"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RunnerScaleSetListenerConfig struct {
|
|
||||||
ConfigureUrl string `split_words:"true"`
|
|
||||||
AppID int64 `split_words:"true"`
|
|
||||||
AppInstallationID int64 `split_words:"true"`
|
|
||||||
AppPrivateKey string `split_words:"true"`
|
|
||||||
Token string `split_words:"true"`
|
|
||||||
EphemeralRunnerSetNamespace string `split_words:"true"`
|
|
||||||
EphemeralRunnerSetName string `split_words:"true"`
|
|
||||||
MaxRunners int `split_words:"true"`
|
|
||||||
MinRunners int `split_words:"true"`
|
|
||||||
RunnerScaleSetId int `split_words:"true"`
|
|
||||||
RunnerScaleSetName string `split_words:"true"`
|
|
||||||
ServerRootCA string `split_words:"true"`
|
|
||||||
LogLevel string `split_words:"true"`
|
|
||||||
LogFormat string `split_words:"true"`
|
|
||||||
MetricsAddr string `split_words:"true"`
|
|
||||||
MetricsEndpoint string `split_words:"true"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
var rc RunnerScaleSetListenerConfig
|
configPath, ok := os.LookupEnv("LISTENER_CONFIG_PATH")
|
||||||
if err := envconfig.Process("github", &rc); err != nil {
|
if !ok {
|
||||||
fmt.Fprintf(os.Stderr, "Error: processing environment variables for RunnerScaleSetListenerConfig: %v\n", err)
|
fmt.Fprintf(os.Stderr, "Error: LISTENER_CONFIG_PATH environment variable is not set\n")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
rc, err := config.Read(configPath)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(os.Stderr, "Error: reading config from path(%q): %v\n", configPath, err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -80,12 +67,6 @@ func main() {
|
|||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate all inputs
|
|
||||||
if err := validateConfig(&rc); err != nil {
|
|
||||||
logger.Error(err, "Inputs validation failed")
|
|
||||||
os.Exit(1)
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
||||||
defer stop()
|
defer stop()
|
||||||
|
|
||||||
@@ -123,7 +104,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type metricsServer struct {
|
type metricsServer struct {
|
||||||
rc RunnerScaleSetListenerConfig
|
rc config.Config
|
||||||
logger logr.Logger
|
logger logr.Logger
|
||||||
srv *http.Server
|
srv *http.Server
|
||||||
}
|
}
|
||||||
@@ -173,7 +154,7 @@ type runOptions struct {
|
|||||||
serviceOptions []func(*Service)
|
serviceOptions []func(*Service)
|
||||||
}
|
}
|
||||||
|
|
||||||
func run(ctx context.Context, rc RunnerScaleSetListenerConfig, logger logr.Logger, opts runOptions) error {
|
func run(ctx context.Context, rc config.Config, logger logr.Logger, opts runOptions) error {
|
||||||
// Create root context and hook with sigint and sigterm
|
// Create root context and hook with sigint and sigterm
|
||||||
creds := &actions.ActionsAuth{}
|
creds := &actions.ActionsAuth{}
|
||||||
if rc.Token != "" {
|
if rc.Token != "" {
|
||||||
@@ -195,6 +176,8 @@ func run(ctx context.Context, rc RunnerScaleSetListenerConfig, logger logr.Logge
|
|||||||
Version: build.Version,
|
Version: build.Version,
|
||||||
CommitSHA: build.CommitSHA,
|
CommitSHA: build.CommitSHA,
|
||||||
ScaleSetID: rc.RunnerScaleSetId,
|
ScaleSetID: rc.RunnerScaleSetId,
|
||||||
|
HasProxy: hasProxy(),
|
||||||
|
Subsystem: "githubrunnerscalesetlistener",
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to create an Actions Service client: %w", err)
|
return fmt.Errorf("failed to create an Actions Service client: %w", err)
|
||||||
@@ -232,38 +215,7 @@ func run(ctx context.Context, rc RunnerScaleSetListenerConfig, logger logr.Logge
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func validateConfig(config *RunnerScaleSetListenerConfig) error {
|
func newActionsClientFromConfig(config config.Config, creds *actions.ActionsAuth, options ...actions.ClientOption) (*actions.Client, error) {
|
||||||
if len(config.ConfigureUrl) == 0 {
|
|
||||||
return fmt.Errorf("GitHubConfigUrl is not provided")
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(config.EphemeralRunnerSetNamespace) == 0 || len(config.EphemeralRunnerSetName) == 0 {
|
|
||||||
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", config.EphemeralRunnerSetNamespace, config.EphemeralRunnerSetName)
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.RunnerScaleSetId == 0 {
|
|
||||||
return fmt.Errorf("RunnerScaleSetId '%d' is missing", config.RunnerScaleSetId)
|
|
||||||
}
|
|
||||||
|
|
||||||
if config.MaxRunners < config.MinRunners {
|
|
||||||
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", config.MinRunners, config.MaxRunners)
|
|
||||||
}
|
|
||||||
|
|
||||||
hasToken := len(config.Token) > 0
|
|
||||||
hasPrivateKeyConfig := config.AppID > 0 && config.AppPrivateKey != ""
|
|
||||||
|
|
||||||
if !hasToken && !hasPrivateKeyConfig {
|
|
||||||
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
|
||||||
}
|
|
||||||
|
|
||||||
if hasToken && hasPrivateKeyConfig {
|
|
||||||
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func newActionsClientFromConfig(config RunnerScaleSetListenerConfig, creds *actions.ActionsAuth, options ...actions.ClientOption) (*actions.Client, error) {
|
|
||||||
if config.ServerRootCA != "" {
|
if config.ServerRootCA != "" {
|
||||||
systemPool, err := x509.SystemCertPool()
|
systemPool, err := x509.SystemCertPool()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -285,3 +237,8 @@ func newActionsClientFromConfig(config RunnerScaleSetListenerConfig, creds *acti
|
|||||||
|
|
||||||
return actions.NewClient(config.ConfigureUrl, creds, options...)
|
return actions.NewClient(config.ConfigureUrl, creds, options...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func hasProxy() bool {
|
||||||
|
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
|
||||||
|
return proxyFunc != nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ package main
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"os"
|
"os"
|
||||||
@@ -13,94 +12,11 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
|
||||||
"github.com/actions/actions-runner-controller/github/actions"
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
"github.com/actions/actions-runner-controller/github/actions/testserver"
|
"github.com/actions/actions-runner-controller/github/actions/testserver"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestConfigValidationMinMax(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
ConfigureUrl: "github.com/some_org/some_repo",
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
MinRunners: 5,
|
|
||||||
MaxRunners: 2,
|
|
||||||
Token: "token",
|
|
||||||
}
|
|
||||||
err := validateConfig(config)
|
|
||||||
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestConfigValidationMissingToken(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
ConfigureUrl: "github.com/some_org/some_repo",
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
}
|
|
||||||
err := validateConfig(config)
|
|
||||||
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
|
||||||
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestConfigValidationAppKey(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
AppID: 1,
|
|
||||||
AppInstallationID: 10,
|
|
||||||
ConfigureUrl: "github.com/some_org/some_repo",
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
}
|
|
||||||
err := validateConfig(config)
|
|
||||||
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
|
||||||
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
AppID: 1,
|
|
||||||
AppInstallationID: 10,
|
|
||||||
AppPrivateKey: "asdf",
|
|
||||||
Token: "asdf",
|
|
||||||
ConfigureUrl: "github.com/some_org/some_repo",
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
}
|
|
||||||
err := validateConfig(config)
|
|
||||||
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
|
|
||||||
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestConfigValidation(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
ConfigureUrl: "https://github.com/actions",
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
MinRunners: 1,
|
|
||||||
MaxRunners: 5,
|
|
||||||
Token: "asdf",
|
|
||||||
}
|
|
||||||
|
|
||||||
err := validateConfig(config)
|
|
||||||
|
|
||||||
assert.NoError(t, err, "Expected no error")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestConfigValidationConfigUrl(t *testing.T) {
|
|
||||||
config := &RunnerScaleSetListenerConfig{
|
|
||||||
EphemeralRunnerSetNamespace: "namespace",
|
|
||||||
EphemeralRunnerSetName: "deployment",
|
|
||||||
RunnerScaleSetId: 1,
|
|
||||||
}
|
|
||||||
|
|
||||||
err := validateConfig(config)
|
|
||||||
|
|
||||||
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCustomerServerRootCA(t *testing.T) {
|
func TestCustomerServerRootCA(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
certsFolder := filepath.Join(
|
certsFolder := filepath.Join(
|
||||||
@@ -134,7 +50,7 @@ func TestCustomerServerRootCA(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
certsString = certsString + string(intermediate)
|
certsString = certsString + string(intermediate)
|
||||||
|
|
||||||
config := RunnerScaleSetListenerConfig{
|
config := config.Config{
|
||||||
ConfigureUrl: server.ConfigURLForOrg("myorg"),
|
ConfigureUrl: server.ConfigURLForOrg("myorg"),
|
||||||
ServerRootCA: certsString,
|
ServerRootCA: certsString,
|
||||||
}
|
}
|
||||||
@@ -164,7 +80,7 @@ func TestProxySettings(t *testing.T) {
|
|||||||
os.Setenv("http_proxy", proxy.URL)
|
os.Setenv("http_proxy", proxy.URL)
|
||||||
defer os.Setenv("http_proxy", prevProxy)
|
defer os.Setenv("http_proxy", prevProxy)
|
||||||
|
|
||||||
config := RunnerScaleSetListenerConfig{
|
config := config.Config{
|
||||||
ConfigureUrl: "https://github.com/org/repo",
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
}
|
}
|
||||||
creds := &actions.ActionsAuth{
|
creds := &actions.ActionsAuth{
|
||||||
@@ -196,7 +112,7 @@ func TestProxySettings(t *testing.T) {
|
|||||||
os.Setenv("https_proxy", proxy.URL)
|
os.Setenv("https_proxy", proxy.URL)
|
||||||
defer os.Setenv("https_proxy", prevProxy)
|
defer os.Setenv("https_proxy", prevProxy)
|
||||||
|
|
||||||
config := RunnerScaleSetListenerConfig{
|
config := config.Config{
|
||||||
ConfigureUrl: "https://github.com/org/repo",
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
}
|
}
|
||||||
creds := &actions.ActionsAuth{
|
creds := &actions.ActionsAuth{
|
||||||
@@ -233,7 +149,7 @@ func TestProxySettings(t *testing.T) {
|
|||||||
os.Setenv("no_proxy", "example.com")
|
os.Setenv("no_proxy", "example.com")
|
||||||
defer os.Setenv("no_proxy", prevNoProxy)
|
defer os.Setenv("no_proxy", prevNoProxy)
|
||||||
|
|
||||||
config := RunnerScaleSetListenerConfig{
|
config := config.Config{
|
||||||
ConfigureUrl: "https://github.com/org/repo",
|
ConfigureUrl: "https://github.com/org/repo",
|
||||||
}
|
}
|
||||||
creds := &actions.ActionsAuth{
|
creds := &actions.ActionsAuth{
|
||||||
|
|||||||
@@ -1,8 +1,6 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"strconv"
|
|
||||||
|
|
||||||
"github.com/actions/actions-runner-controller/github/actions"
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
)
|
)
|
||||||
@@ -18,8 +16,6 @@ const (
|
|||||||
labelKeyJobWorkflowRef = "job_workflow_ref"
|
labelKeyJobWorkflowRef = "job_workflow_ref"
|
||||||
labelKeyEventName = "event_name"
|
labelKeyEventName = "event_name"
|
||||||
labelKeyJobResult = "job_result"
|
labelKeyJobResult = "job_result"
|
||||||
labelKeyRunnerID = "runner_id"
|
|
||||||
labelKeyRunnerName = "runner_name"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const githubScaleSetSubsystem = "gha"
|
const githubScaleSetSubsystem = "gha"
|
||||||
@@ -43,10 +39,15 @@ var (
|
|||||||
labelKeyEventName,
|
labelKeyEventName,
|
||||||
}
|
}
|
||||||
|
|
||||||
completedJobsTotalLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
|
completedJobsTotalLabels = append(jobLabels, labelKeyJobResult)
|
||||||
jobExecutionDurationLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
|
jobExecutionDurationLabels = append(jobLabels, labelKeyJobResult)
|
||||||
startedJobsTotalLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
|
startedJobsTotalLabels = jobLabels
|
||||||
jobStartupDurationLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
|
jobStartupDurationLabels = []string{
|
||||||
|
labelKeyRepository,
|
||||||
|
labelKeyOrganization,
|
||||||
|
labelKeyEnterprise,
|
||||||
|
labelKeyEventName,
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
// metrics
|
// metrics
|
||||||
@@ -274,23 +275,34 @@ func (b *baseLabels) scaleSetLabels() prometheus.Labels {
|
|||||||
|
|
||||||
func (b *baseLabels) completedJobLabels(msg *actions.JobCompleted) prometheus.Labels {
|
func (b *baseLabels) completedJobLabels(msg *actions.JobCompleted) prometheus.Labels {
|
||||||
l := b.jobLabels(&msg.JobMessageBase)
|
l := b.jobLabels(&msg.JobMessageBase)
|
||||||
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
|
|
||||||
l[labelKeyJobResult] = msg.Result
|
l[labelKeyJobResult] = msg.Result
|
||||||
l[labelKeyRunnerName] = msg.RunnerName
|
|
||||||
return l
|
return l
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *baseLabels) startedJobLabels(msg *actions.JobStarted) prometheus.Labels {
|
func (b *baseLabels) startedJobLabels(msg *actions.JobStarted) prometheus.Labels {
|
||||||
l := b.jobLabels(&msg.JobMessageBase)
|
l := b.jobLabels(&msg.JobMessageBase)
|
||||||
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
|
|
||||||
l[labelKeyRunnerName] = msg.RunnerName
|
|
||||||
return l
|
return l
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (b *baseLabels) jobStartupDurationLabels(msg *actions.JobStarted) prometheus.Labels {
|
||||||
|
return prometheus.Labels{
|
||||||
|
labelKeyEnterprise: b.enterprise,
|
||||||
|
labelKeyOrganization: b.organization,
|
||||||
|
labelKeyRepository: b.repository,
|
||||||
|
labelKeyEventName: msg.EventName,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (m *metricsExporter) withBaseLabels(base baseLabels) {
|
func (m *metricsExporter) withBaseLabels(base baseLabels) {
|
||||||
m.baseLabels = base
|
m.baseLabels = base
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *metricsExporter) publishStatic(max, min int) {
|
||||||
|
l := m.scaleSetLabels()
|
||||||
|
maxRunners.With(l).Set(float64(max))
|
||||||
|
minRunners.With(l).Set(float64(min))
|
||||||
|
}
|
||||||
|
|
||||||
func (m *metricsExporter) publishStatistics(stats *actions.RunnerScaleSetStatistic) {
|
func (m *metricsExporter) publishStatistics(stats *actions.RunnerScaleSetStatistic) {
|
||||||
l := m.scaleSetLabels()
|
l := m.scaleSetLabels()
|
||||||
|
|
||||||
@@ -307,6 +319,7 @@ func (m *metricsExporter) publishJobStarted(msg *actions.JobStarted) {
|
|||||||
l := m.startedJobLabels(msg)
|
l := m.startedJobLabels(msg)
|
||||||
startedJobsTotal.With(l).Inc()
|
startedJobsTotal.With(l).Inc()
|
||||||
|
|
||||||
|
l = m.jobStartupDurationLabels(msg)
|
||||||
startupDuration := msg.JobMessageBase.RunnerAssignTime.Unix() - msg.JobMessageBase.ScaleSetAssignTime.Unix()
|
startupDuration := msg.JobMessageBase.RunnerAssignTime.Unix() - msg.JobMessageBase.ScaleSetAssignTime.Unix()
|
||||||
jobStartupDurationSeconds.With(l).Observe(float64(startupDuration))
|
jobStartupDurationSeconds.With(l).Observe(float64(startupDuration))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
// Code generated by mockery v2.33.2. DO NOT EDIT.
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
// Code generated by mockery v2.33.2. DO NOT EDIT.
|
// Code generated by mockery v2.36.1. DO NOT EDIT.
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
|
|||||||
@@ -39,6 +39,9 @@ import (
|
|||||||
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
|
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
|
||||||
_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
|
_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
|
||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||||
|
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||||
// +kubebuilder:scaffold:imports
|
// +kubebuilder:scaffold:imports
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -149,11 +152,19 @@ func main() {
|
|||||||
|
|
||||||
syncPeriod := 10 * time.Minute
|
syncPeriod := 10 * time.Minute
|
||||||
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
|
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
|
||||||
Scheme: scheme,
|
Scheme: scheme,
|
||||||
SyncPeriod: &syncPeriod,
|
Cache: cache.Options{
|
||||||
Namespace: watchNamespace,
|
SyncPeriod: &syncPeriod,
|
||||||
MetricsBindAddress: metricsAddr,
|
DefaultNamespaces: map[string]cache.Config{
|
||||||
Port: 9443,
|
watchNamespace: {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Metrics: metricsserver.Options{
|
||||||
|
BindAddress: metricsAddr,
|
||||||
|
},
|
||||||
|
WebhookServer: webhook.NewServer(webhook.Options{
|
||||||
|
Port: 9443,
|
||||||
|
}),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "unable to start manager")
|
logger.Error(err, "unable to start manager")
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: autoscalinglisteners.actions.github.com
|
name: autoscalinglisteners.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -796,7 +795,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -861,7 +860,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -920,7 +919,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -944,7 +943,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1056,7 +1055,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1080,7 +1079,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1141,11 +1140,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1175,9 +1191,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1240,7 +1259,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1258,7 +1277,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1282,7 +1301,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1306,7 +1325,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1629,7 +1648,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1694,7 +1713,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1753,7 +1772,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1777,7 +1796,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1889,7 +1908,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1913,7 +1932,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1974,11 +1993,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2008,9 +2044,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2073,7 +2112,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2091,7 +2130,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2115,7 +2154,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2139,7 +2178,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2474,7 +2513,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2539,7 +2578,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2598,7 +2637,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2622,7 +2661,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2734,7 +2773,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2758,7 +2797,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2819,11 +2858,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2853,9 +2909,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2918,7 +2977,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2936,7 +2995,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2960,7 +3019,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2984,7 +3043,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3175,7 +3234,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3186,7 +3245,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3195,7 +3254,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3250,7 +3309,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3290,7 +3349,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3376,7 +3435,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3660,7 +3719,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3738,7 +3797,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3768,7 +3827,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: autoscalingrunnersets.actions.github.com
|
name: autoscalingrunnersets.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -754,7 +753,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -819,7 +818,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -878,7 +877,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -902,7 +901,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1014,7 +1013,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1038,7 +1037,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1099,11 +1098,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1133,9 +1149,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1198,7 +1217,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1216,7 +1235,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1240,7 +1259,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1264,7 +1283,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1587,7 +1606,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1652,7 +1671,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1711,7 +1730,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1735,7 +1754,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1847,7 +1866,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1871,7 +1890,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1932,11 +1951,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1966,9 +2002,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2031,7 +2070,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2049,7 +2088,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2073,7 +2112,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2097,7 +2136,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2432,7 +2471,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2497,7 +2536,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2556,7 +2595,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2580,7 +2619,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2692,7 +2731,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2716,7 +2755,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2777,11 +2816,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2811,9 +2867,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2876,7 +2935,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2894,7 +2953,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2918,7 +2977,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2942,7 +3001,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3133,7 +3192,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3144,7 +3203,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3153,7 +3212,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3208,7 +3267,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3248,7 +3307,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3334,7 +3393,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3618,7 +3677,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3696,7 +3755,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3726,7 +3785,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5043,7 +5102,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5108,7 +5167,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5167,7 +5226,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5191,7 +5250,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5303,7 +5362,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5327,7 +5386,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5388,11 +5447,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5419,9 +5495,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -5484,7 +5563,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -5502,7 +5581,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -5526,7 +5605,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -5550,7 +5629,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5873,7 +5952,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5938,7 +6017,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -5997,7 +6076,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6021,7 +6100,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6133,7 +6212,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6157,7 +6236,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6218,11 +6297,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -6249,9 +6345,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -6314,7 +6413,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -6332,7 +6431,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -6356,7 +6455,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6380,7 +6479,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6715,7 +6814,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6780,7 +6879,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6839,7 +6938,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6863,7 +6962,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -6975,7 +7074,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -6999,7 +7098,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -7060,11 +7159,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -7091,9 +7207,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -7156,7 +7275,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -7174,7 +7293,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -7198,7 +7317,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -7222,7 +7341,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -7413,7 +7532,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -7424,7 +7543,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -7433,7 +7552,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -7488,7 +7607,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -7528,7 +7647,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -7614,7 +7733,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -7898,7 +8017,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -7976,7 +8095,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -8003,7 +8122,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: ephemeralrunners.actions.github.com
|
name: ephemeralrunners.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -779,7 +778,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -844,7 +843,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -903,7 +902,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -927,7 +926,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1039,7 +1038,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1063,7 +1062,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1124,11 +1123,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1155,9 +1171,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1220,7 +1239,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1238,7 +1257,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1262,7 +1281,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1286,7 +1305,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1609,7 +1628,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1674,7 +1693,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1733,7 +1752,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1757,7 +1776,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1869,7 +1888,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1893,7 +1912,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1954,11 +1973,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1985,9 +2021,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2050,7 +2089,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2068,7 +2107,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2092,7 +2131,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2116,7 +2155,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2451,7 +2490,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2516,7 +2555,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2575,7 +2614,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2599,7 +2638,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2711,7 +2750,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2735,7 +2774,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2796,11 +2835,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2827,9 +2883,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2892,7 +2951,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2910,7 +2969,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2934,7 +2993,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2958,7 +3017,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3149,7 +3208,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3160,7 +3219,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3169,7 +3228,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3224,7 +3283,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3264,7 +3323,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3350,7 +3409,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3634,7 +3693,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3712,7 +3771,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3739,7 +3798,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: ephemeralrunnersets.actions.github.com
|
name: ephemeralrunnersets.actions.github.com
|
||||||
spec:
|
spec:
|
||||||
group: actions.github.com
|
group: actions.github.com
|
||||||
@@ -773,7 +772,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -838,7 +837,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -897,7 +896,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -921,7 +920,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1033,7 +1032,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1057,7 +1056,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1118,11 +1117,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1149,9 +1165,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1214,7 +1233,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1232,7 +1251,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1256,7 +1275,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1280,7 +1299,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1603,7 +1622,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1668,7 +1687,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1727,7 +1746,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1751,7 +1770,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1863,7 +1882,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1887,7 +1906,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1948,11 +1967,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1979,9 +2015,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2044,7 +2083,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2062,7 +2101,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2086,7 +2125,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2110,7 +2149,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2445,7 +2484,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2510,7 +2549,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2569,7 +2608,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2593,7 +2632,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2705,7 +2744,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2729,7 +2768,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2790,11 +2829,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2821,9 +2877,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2886,7 +2945,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2904,7 +2963,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2928,7 +2987,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2952,7 +3011,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3143,7 +3202,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3154,7 +3213,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3163,7 +3222,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3218,7 +3277,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3258,7 +3317,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3344,7 +3403,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3628,7 +3687,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3706,7 +3765,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3733,7 +3792,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: horizontalrunnerautoscalers.actions.summerwind.dev
|
name: horizontalrunnerautoscalers.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnerdeployments.actions.summerwind.dev
|
name: runnerdeployments.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -767,7 +766,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -832,7 +831,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -891,7 +890,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -915,7 +914,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1027,7 +1026,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1051,7 +1050,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1112,11 +1111,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1143,9 +1159,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1226,7 +1245,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1250,7 +1269,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1274,7 +1293,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1557,7 +1576,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1584,7 +1603,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1873,7 +1892,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1938,7 +1957,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1997,7 +2016,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2021,7 +2040,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2133,7 +2152,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2157,7 +2176,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2218,11 +2237,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2249,9 +2285,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2332,7 +2371,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2356,7 +2395,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2380,7 +2419,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2714,7 +2753,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2779,7 +2818,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2838,7 +2877,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2862,7 +2901,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2974,7 +3013,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2998,7 +3037,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3059,11 +3098,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3090,9 +3146,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3173,7 +3232,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3197,7 +3256,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3221,7 +3280,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3368,7 +3427,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3395,7 +3454,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3442,7 +3501,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3482,7 +3541,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3654,7 +3713,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3719,7 +3778,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3778,7 +3837,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3802,7 +3861,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3914,7 +3973,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3938,7 +3997,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3999,11 +4058,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4030,9 +4106,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4113,7 +4192,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4137,7 +4216,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4161,7 +4240,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4349,7 +4428,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4663,7 +4742,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4741,7 +4820,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4768,7 +4847,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5391,7 +5470,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5418,7 +5497,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnerreplicasets.actions.summerwind.dev
|
name: runnerreplicasets.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -749,7 +748,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -814,7 +813,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -873,7 +872,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -897,7 +896,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1009,7 +1008,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1033,7 +1032,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1094,11 +1093,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1125,9 +1141,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1190,7 +1209,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1232,7 +1251,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1256,7 +1275,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1539,7 +1558,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1566,7 +1585,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1855,7 +1874,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1920,7 +1939,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1979,7 +1998,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2003,7 +2022,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2115,7 +2134,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2139,7 +2158,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2200,11 +2219,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2231,9 +2267,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2296,7 +2335,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2338,7 +2377,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2362,7 +2401,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2696,7 +2735,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2761,7 +2800,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2820,7 +2859,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2844,7 +2883,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2956,7 +2995,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2980,7 +3019,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3041,11 +3080,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3072,9 +3128,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3137,7 +3196,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3179,7 +3238,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3203,7 +3262,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3350,7 +3409,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3377,7 +3436,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3424,7 +3483,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3464,7 +3523,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3636,7 +3695,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3701,7 +3760,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3760,7 +3819,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3784,7 +3843,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3896,7 +3955,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3920,7 +3979,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3981,11 +4040,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4012,9 +4088,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4077,7 +4156,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4119,7 +4198,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4143,7 +4222,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4331,7 +4410,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4645,7 +4724,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4723,7 +4802,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4750,7 +4829,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5373,7 +5452,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5400,7 +5479,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runners.actions.summerwind.dev
|
name: runners.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -701,7 +700,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -766,7 +765,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -825,7 +824,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -849,7 +848,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -961,7 +960,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -985,7 +984,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1046,11 +1045,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1077,9 +1093,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1142,7 +1161,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1160,7 +1179,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1184,7 +1203,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1208,7 +1227,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1491,7 +1510,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1518,7 +1537,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
dockerdWithinRunnerContainer:
|
dockerdWithinRunnerContainer:
|
||||||
@@ -1807,7 +1826,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1872,7 +1891,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1931,7 +1950,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1955,7 +1974,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2067,7 +2086,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2091,7 +2110,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2152,11 +2171,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2183,9 +2219,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2248,7 +2287,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2266,7 +2305,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2290,7 +2329,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2314,7 +2353,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2648,7 +2687,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2713,7 +2752,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2772,7 +2811,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2796,7 +2835,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2908,7 +2947,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2932,7 +2971,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2993,11 +3032,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3024,9 +3080,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -3089,7 +3148,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3107,7 +3166,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3131,7 +3190,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3155,7 +3214,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3302,7 +3361,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3329,7 +3388,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
@@ -3376,7 +3435,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3416,7 +3475,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3588,7 +3647,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3653,7 +3712,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3712,7 +3771,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3736,7 +3795,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3848,7 +3907,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3872,7 +3931,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3933,11 +3992,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3964,9 +4040,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -4029,7 +4108,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -4047,7 +4126,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -4071,7 +4150,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -4095,7 +4174,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -4283,7 +4362,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -4597,7 +4676,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -4675,7 +4754,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4702,7 +4781,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -5325,7 +5404,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -5352,7 +5431,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.11.3
|
controller-gen.kubebuilder.io/version: v0.13.0
|
||||||
creationTimestamp: null
|
|
||||||
name: runnersets.actions.summerwind.dev
|
name: runnersets.actions.summerwind.dev
|
||||||
spec:
|
spec:
|
||||||
group: actions.summerwind.dev
|
group: actions.summerwind.dev
|
||||||
@@ -97,7 +96,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
ordinals:
|
ordinals:
|
||||||
description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is alpha.
|
description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is beta.
|
||||||
properties:
|
properties:
|
||||||
start:
|
start:
|
||||||
description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).'
|
description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).'
|
||||||
@@ -168,7 +167,7 @@ spec:
|
|||||||
description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
|
description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
|
||||||
type: string
|
type: string
|
||||||
template:
|
template:
|
||||||
description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3".
|
description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". The only allowed template.spec.restartPolicy value is "Always".
|
||||||
properties:
|
properties:
|
||||||
metadata:
|
metadata:
|
||||||
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
|
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
|
||||||
@@ -836,7 +835,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -901,7 +900,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -960,7 +959,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -984,7 +983,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1096,7 +1095,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1120,7 +1119,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1181,11 +1180,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -1212,9 +1228,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -1277,7 +1296,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -1295,7 +1314,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -1319,7 +1338,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1343,7 +1362,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1666,7 +1685,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1731,7 +1750,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1790,7 +1809,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1814,7 +1833,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -1926,7 +1945,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -1950,7 +1969,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2011,11 +2030,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2042,9 +2078,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
|
||||||
properties:
|
properties:
|
||||||
@@ -2107,7 +2146,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2125,7 +2164,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2149,7 +2188,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2173,7 +2212,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2508,7 +2547,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2573,7 +2612,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2632,7 +2671,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2656,7 +2695,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2768,7 +2807,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -2792,7 +2831,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -2853,11 +2892,28 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
resizePolicy:
|
||||||
|
description: Resources resize policy for the container.
|
||||||
|
items:
|
||||||
|
description: ContainerResizePolicy represents resource resize policy for the container.
|
||||||
|
properties:
|
||||||
|
resourceName:
|
||||||
|
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
|
||||||
|
type: string
|
||||||
|
restartPolicy:
|
||||||
|
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- resourceName
|
||||||
|
- restartPolicy
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
x-kubernetes-list-type: atomic
|
||||||
resources:
|
resources:
|
||||||
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -2884,9 +2940,12 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
restartPolicy:
|
||||||
|
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
|
||||||
|
type: string
|
||||||
securityContext:
|
securityContext:
|
||||||
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
||||||
properties:
|
properties:
|
||||||
@@ -2949,7 +3008,7 @@ spec:
|
|||||||
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -2967,7 +3026,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -2991,7 +3050,7 @@ spec:
|
|||||||
format: int32
|
format: int32
|
||||||
type: integer
|
type: integer
|
||||||
grpc:
|
grpc:
|
||||||
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
|
description: GRPC specifies an action involving a GRPC port.
|
||||||
properties:
|
properties:
|
||||||
port:
|
port:
|
||||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||||
@@ -3015,7 +3074,7 @@ spec:
|
|||||||
description: HTTPHeader describes a custom header to be used in HTTP probes
|
description: HTTPHeader describes a custom header to be used in HTTP probes
|
||||||
properties:
|
properties:
|
||||||
name:
|
name:
|
||||||
description: The header field name
|
description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
description: The header field value
|
description: The header field value
|
||||||
@@ -3206,7 +3265,7 @@ spec:
|
|||||||
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
|
||||||
type: string
|
type: string
|
||||||
resourceClaimTemplateName:
|
resourceClaimTemplateName:
|
||||||
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
@@ -3217,7 +3276,7 @@ spec:
|
|||||||
- name
|
- name
|
||||||
x-kubernetes-list-type: map
|
x-kubernetes-list-type: map
|
||||||
restartPolicy:
|
restartPolicy:
|
||||||
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
||||||
type: string
|
type: string
|
||||||
runtimeClassName:
|
runtimeClassName:
|
||||||
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
||||||
@@ -3226,7 +3285,7 @@ spec:
|
|||||||
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
|
||||||
type: string
|
type: string
|
||||||
schedulingGates:
|
schedulingGates:
|
||||||
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate."
|
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
|
||||||
items:
|
items:
|
||||||
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
description: PodSchedulingGate is associated to a Pod to guard its scheduling.
|
||||||
properties:
|
properties:
|
||||||
@@ -3281,7 +3340,7 @@ spec:
|
|||||||
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
|
||||||
properties:
|
properties:
|
||||||
localhostProfile:
|
localhostProfile:
|
||||||
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
|
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
|
||||||
type: string
|
type: string
|
||||||
type:
|
type:
|
||||||
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
|
||||||
@@ -3321,7 +3380,7 @@ spec:
|
|||||||
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
|
||||||
type: string
|
type: string
|
||||||
hostProcess:
|
hostProcess:
|
||||||
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
|
||||||
type: boolean
|
type: boolean
|
||||||
runAsUserName:
|
runAsUserName:
|
||||||
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
|
||||||
@@ -3407,7 +3466,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
matchLabelKeys:
|
matchLabelKeys:
|
||||||
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
|
description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
@@ -3691,7 +3750,7 @@ spec:
|
|||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
type: object
|
type: object
|
||||||
@@ -3769,7 +3828,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -3796,7 +3855,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -4511,7 +4570,7 @@ spec:
|
|||||||
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4538,7 +4597,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
selector:
|
selector:
|
||||||
@@ -4590,6 +4649,13 @@ spec:
|
|||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
|
allocatedResourceStatuses:
|
||||||
|
additionalProperties:
|
||||||
|
description: When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it.
|
||||||
|
type: string
|
||||||
|
description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
|
||||||
|
type: object
|
||||||
|
x-kubernetes-map-type: granular
|
||||||
allocatedResources:
|
allocatedResources:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
anyOf:
|
anyOf:
|
||||||
@@ -4597,7 +4663,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
|
description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
|
||||||
type: object
|
type: object
|
||||||
capacity:
|
capacity:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
@@ -4611,7 +4677,7 @@ spec:
|
|||||||
conditions:
|
conditions:
|
||||||
description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
|
description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
|
||||||
items:
|
items:
|
||||||
description: PersistentVolumeClaimCondition contails details about state of pvc
|
description: PersistentVolumeClaimCondition contains details about state of pvc
|
||||||
properties:
|
properties:
|
||||||
lastProbeTime:
|
lastProbeTime:
|
||||||
description: lastProbeTime is the time we probed the condition.
|
description: lastProbeTime is the time we probed the condition.
|
||||||
@@ -4640,9 +4706,6 @@ spec:
|
|||||||
phase:
|
phase:
|
||||||
description: phase represents the current phase of PersistentVolumeClaim.
|
description: phase represents the current phase of PersistentVolumeClaim.
|
||||||
type: string
|
type: string
|
||||||
resizeStatus:
|
|
||||||
description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
|
|
||||||
type: string
|
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
@@ -4666,7 +4729,7 @@ spec:
|
|||||||
description: ResourceRequirements describes the compute resource requirements.
|
description: ResourceRequirements describes the compute resource requirements.
|
||||||
properties:
|
properties:
|
||||||
claims:
|
claims:
|
||||||
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
|
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
|
||||||
items:
|
items:
|
||||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||||
properties:
|
properties:
|
||||||
@@ -4693,7 +4756,7 @@ spec:
|
|||||||
- type: string
|
- type: string
|
||||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
storageClassName:
|
storageClassName:
|
||||||
|
|||||||
@@ -2,7 +2,6 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
|
||||||
name: manager-role
|
name: manager-role
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|||||||
@@ -2,7 +2,6 @@
|
|||||||
apiVersion: admissionregistration.k8s.io/v1
|
apiVersion: admissionregistration.k8s.io/v1
|
||||||
kind: MutatingWebhookConfiguration
|
kind: MutatingWebhookConfiguration
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
|
||||||
name: mutating-webhook-configuration
|
name: mutating-webhook-configuration
|
||||||
webhooks:
|
webhooks:
|
||||||
- admissionReviewVersions:
|
- admissionReviewVersions:
|
||||||
@@ -88,7 +87,6 @@ webhooks:
|
|||||||
apiVersion: admissionregistration.k8s.io/v1
|
apiVersion: admissionregistration.k8s.io/v1
|
||||||
kind: ValidatingWebhookConfiguration
|
kind: ValidatingWebhookConfiguration
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
|
||||||
name: validating-webhook-configuration
|
name: validating-webhook-configuration
|
||||||
webhooks:
|
webhooks:
|
||||||
- admissionReviewVersions:
|
- admissionReviewVersions:
|
||||||
|
|||||||
@@ -30,7 +30,6 @@ import (
|
|||||||
"sigs.k8s.io/controller-runtime/pkg/handler"
|
"sigs.k8s.io/controller-runtime/pkg/handler"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/predicate"
|
"sigs.k8s.io/controller-runtime/pkg/predicate"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/source"
|
|
||||||
|
|
||||||
v1alpha1 "github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
|
v1alpha1 "github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
|
||||||
"github.com/actions/actions-runner-controller/controllers/actions.github.com/metrics"
|
"github.com/actions/actions-runner-controller/controllers/actions.github.com/metrics"
|
||||||
@@ -42,7 +41,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
autoscalingListenerContainerName = "autoscaler"
|
autoscalingListenerContainerName = "listener"
|
||||||
autoscalingListenerFinalizerName = "autoscalinglistener.actions.github.com/finalizer"
|
autoscalingListenerFinalizerName = "autoscalinglistener.actions.github.com/finalizer"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -287,6 +286,21 @@ func (r *AutoscalingListenerReconciler) cleanupResources(ctx context.Context, au
|
|||||||
}
|
}
|
||||||
logger.Info("Listener pod is deleted")
|
logger.Info("Listener pod is deleted")
|
||||||
|
|
||||||
|
var secret corev1.Secret
|
||||||
|
err = r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Namespace, Name: scaleSetListenerConfigName(autoscalingListener)}, &secret)
|
||||||
|
switch {
|
||||||
|
case err == nil:
|
||||||
|
if secret.ObjectMeta.DeletionTimestamp.IsZero() {
|
||||||
|
logger.Info("Deleting the listener config secret")
|
||||||
|
if err := r.Delete(ctx, &secret); err != nil {
|
||||||
|
return false, fmt.Errorf("failed to delete listener config secret: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
case err != nil && !kerrors.IsNotFound(err):
|
||||||
|
return false, fmt.Errorf("failed to get listener config secret: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
if autoscalingListener.Spec.Proxy != nil {
|
if autoscalingListener.Spec.Proxy != nil {
|
||||||
logger.Info("Cleaning up the listener proxy secret")
|
logger.Info("Cleaning up the listener proxy secret")
|
||||||
proxySecret := new(corev1.Secret)
|
proxySecret := new(corev1.Secret)
|
||||||
@@ -306,6 +320,38 @@ func (r *AutoscalingListenerReconciler) cleanupResources(ctx context.Context, au
|
|||||||
logger.Info("Listener proxy secret is deleted")
|
logger.Info("Listener proxy secret is deleted")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
listenerRoleBinding := new(rbacv1.RoleBinding)
|
||||||
|
err = r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace, Name: scaleSetListenerRoleName(autoscalingListener)}, listenerRoleBinding)
|
||||||
|
switch {
|
||||||
|
case err == nil:
|
||||||
|
if listenerRoleBinding.ObjectMeta.DeletionTimestamp.IsZero() {
|
||||||
|
logger.Info("Deleting the listener role binding")
|
||||||
|
if err := r.Delete(ctx, listenerRoleBinding); err != nil {
|
||||||
|
return false, fmt.Errorf("failed to delete listener role binding: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
case err != nil && !kerrors.IsNotFound(err):
|
||||||
|
return false, fmt.Errorf("failed to get listener role binding: %v", err)
|
||||||
|
}
|
||||||
|
logger.Info("Listener role binding is deleted")
|
||||||
|
|
||||||
|
listenerRole := new(rbacv1.Role)
|
||||||
|
err = r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace, Name: scaleSetListenerRoleName(autoscalingListener)}, listenerRole)
|
||||||
|
switch {
|
||||||
|
case err == nil:
|
||||||
|
if listenerRole.ObjectMeta.DeletionTimestamp.IsZero() {
|
||||||
|
logger.Info("Deleting the listener role")
|
||||||
|
if err := r.Delete(ctx, listenerRole); err != nil {
|
||||||
|
return false, fmt.Errorf("failed to delete listener role: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
case err != nil && !kerrors.IsNotFound(err):
|
||||||
|
return false, fmt.Errorf("failed to get listener role: %v", err)
|
||||||
|
}
|
||||||
|
logger.Info("Listener role is deleted")
|
||||||
|
|
||||||
logger.Info("Cleaning up the listener service account")
|
logger.Info("Cleaning up the listener service account")
|
||||||
listenerSa := new(corev1.ServiceAccount)
|
listenerSa := new(corev1.ServiceAccount)
|
||||||
err = r.Get(ctx, types.NamespacedName{Name: scaleSetListenerServiceAccountName(autoscalingListener), Namespace: autoscalingListener.Namespace}, listenerSa)
|
err = r.Get(ctx, types.NamespacedName{Name: scaleSetListenerServiceAccountName(autoscalingListener), Namespace: autoscalingListener.Namespace}, listenerSa)
|
||||||
@@ -386,13 +432,13 @@ func (r *AutoscalingListenerReconciler) createListenerPod(ctx context.Context, a
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cert := ""
|
||||||
if autoscalingListener.Spec.GitHubServerTLS != nil {
|
if autoscalingListener.Spec.GitHubServerTLS != nil {
|
||||||
env, err := r.certificateEnvVarForListener(ctx, autoscalingRunnerSet, autoscalingListener)
|
var err error
|
||||||
|
cert, err = r.certificate(ctx, autoscalingRunnerSet, autoscalingListener)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ctrl.Result{}, fmt.Errorf("failed to create certificate env var for listener: %v", err)
|
return ctrl.Result{}, fmt.Errorf("failed to create certificate env var for listener: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
envs = append(envs, env)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var metricsConfig *listenerMetricsServerConfig
|
var metricsConfig *listenerMetricsServerConfig
|
||||||
@@ -403,7 +449,35 @@ func (r *AutoscalingListenerReconciler) createListenerPod(ctx context.Context, a
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
newPod, err := r.resourceBuilder.newScaleSetListenerPod(autoscalingListener, serviceAccount, secret, metricsConfig, envs...)
|
var podConfig corev1.Secret
|
||||||
|
if err := r.Get(ctx, types.NamespacedName{Namespace: autoscalingListener.Namespace, Name: scaleSetListenerConfigName(autoscalingListener)}, &podConfig); err != nil {
|
||||||
|
if !kerrors.IsNotFound(err) {
|
||||||
|
logger.Error(err, "Unable to get listener config secret", "namespace", autoscalingListener.Namespace, "name", scaleSetListenerConfigName(autoscalingListener))
|
||||||
|
return ctrl.Result{Requeue: true}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.Info("Creating listener config secret")
|
||||||
|
|
||||||
|
podConfig, err := r.resourceBuilder.newScaleSetListenerConfig(autoscalingListener, secret, metricsConfig, cert)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(err, "Failed to build listener config secret")
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := ctrl.SetControllerReference(autoscalingListener, podConfig, r.Scheme); err != nil {
|
||||||
|
logger.Error(err, "Failed to set controller reference")
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := r.Create(ctx, podConfig); err != nil {
|
||||||
|
logger.Error(err, "Unable to create listener config secret", "namespace", podConfig.Namespace, "name", podConfig.Name)
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return ctrl.Result{Requeue: true}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
newPod, err := r.resourceBuilder.newScaleSetListenerPod(autoscalingListener, &podConfig, serviceAccount, secret, metricsConfig, envs...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "Failed to build listener pod")
|
logger.Error(err, "Failed to build listener pod")
|
||||||
return ctrl.Result{}, err
|
return ctrl.Result{}, err
|
||||||
@@ -424,13 +498,13 @@ func (r *AutoscalingListenerReconciler) createListenerPod(ctx context.Context, a
|
|||||||
return ctrl.Result{}, nil
|
return ctrl.Result{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *AutoscalingListenerReconciler) certificateEnvVarForListener(ctx context.Context, autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet, autoscalingListener *v1alpha1.AutoscalingListener) (corev1.EnvVar, error) {
|
func (r *AutoscalingListenerReconciler) certificate(ctx context.Context, autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet, autoscalingListener *v1alpha1.AutoscalingListener) (string, error) {
|
||||||
if autoscalingListener.Spec.GitHubServerTLS.CertificateFrom == nil {
|
if autoscalingListener.Spec.GitHubServerTLS.CertificateFrom == nil {
|
||||||
return corev1.EnvVar{}, fmt.Errorf("githubServerTLS.certificateFrom is not specified")
|
return "", fmt.Errorf("githubServerTLS.certificateFrom is not specified")
|
||||||
}
|
}
|
||||||
|
|
||||||
if autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef == nil {
|
if autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef == nil {
|
||||||
return corev1.EnvVar{}, fmt.Errorf("githubServerTLS.certificateFrom.configMapKeyRef is not specified")
|
return "", fmt.Errorf("githubServerTLS.certificateFrom.configMapKeyRef is not specified")
|
||||||
}
|
}
|
||||||
|
|
||||||
var configmap corev1.ConfigMap
|
var configmap corev1.ConfigMap
|
||||||
@@ -443,7 +517,7 @@ func (r *AutoscalingListenerReconciler) certificateEnvVarForListener(ctx context
|
|||||||
&configmap,
|
&configmap,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return corev1.EnvVar{}, fmt.Errorf(
|
return "", fmt.Errorf(
|
||||||
"failed to get configmap %s: %w",
|
"failed to get configmap %s: %w",
|
||||||
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Name,
|
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Name,
|
||||||
err,
|
err,
|
||||||
@@ -452,17 +526,14 @@ func (r *AutoscalingListenerReconciler) certificateEnvVarForListener(ctx context
|
|||||||
|
|
||||||
certificate, ok := configmap.Data[autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Key]
|
certificate, ok := configmap.Data[autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Key]
|
||||||
if !ok {
|
if !ok {
|
||||||
return corev1.EnvVar{}, fmt.Errorf(
|
return "", fmt.Errorf(
|
||||||
"key %s is not found in configmap %s",
|
"key %s is not found in configmap %s",
|
||||||
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Key,
|
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Key,
|
||||||
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Name,
|
autoscalingListener.Spec.GitHubServerTLS.CertificateFrom.ConfigMapKeyRef.Name,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
return corev1.EnvVar{
|
return certificate, nil
|
||||||
Name: "GITHUB_SERVER_ROOT_CA",
|
|
||||||
Value: certificate,
|
|
||||||
}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *AutoscalingListenerReconciler) createSecretsForListener(ctx context.Context, autoscalingListener *v1alpha1.AutoscalingListener, secret *corev1.Secret, logger logr.Logger) (ctrl.Result, error) {
|
func (r *AutoscalingListenerReconciler) createSecretsForListener(ctx context.Context, autoscalingListener *v1alpha1.AutoscalingListener, secret *corev1.Secret, logger logr.Logger) (ctrl.Result, error) {
|
||||||
@@ -643,7 +714,7 @@ func (r *AutoscalingListenerReconciler) SetupWithManager(mgr ctrl.Manager) error
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
labelBasedWatchFunc := func(obj client.Object) []reconcile.Request {
|
labelBasedWatchFunc := func(_ context.Context, obj client.Object) []reconcile.Request {
|
||||||
var requests []reconcile.Request
|
var requests []reconcile.Request
|
||||||
labels := obj.GetLabels()
|
labels := obj.GetLabels()
|
||||||
namespace, ok := labels["auto-scaling-listener-namespace"]
|
namespace, ok := labels["auto-scaling-listener-namespace"]
|
||||||
@@ -670,8 +741,8 @@ func (r *AutoscalingListenerReconciler) SetupWithManager(mgr ctrl.Manager) error
|
|||||||
For(&v1alpha1.AutoscalingListener{}).
|
For(&v1alpha1.AutoscalingListener{}).
|
||||||
Owns(&corev1.Pod{}).
|
Owns(&corev1.Pod{}).
|
||||||
Owns(&corev1.ServiceAccount{}).
|
Owns(&corev1.ServiceAccount{}).
|
||||||
Watches(&source.Kind{Type: &rbacv1.Role{}}, handler.EnqueueRequestsFromMapFunc(labelBasedWatchFunc)).
|
Watches(&rbacv1.Role{}, handler.EnqueueRequestsFromMapFunc(labelBasedWatchFunc)).
|
||||||
Watches(&source.Kind{Type: &rbacv1.RoleBinding{}}, handler.EnqueueRequestsFromMapFunc(labelBasedWatchFunc)).
|
Watches(&rbacv1.RoleBinding{}, handler.EnqueueRequestsFromMapFunc(labelBasedWatchFunc)).
|
||||||
WithEventFilter(predicate.ResourceVersionChangedPredicate{}).
|
WithEventFilter(predicate.ResourceVersionChangedPredicate{}).
|
||||||
Complete(r)
|
Complete(r)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ package actionsgithubcom
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
@@ -13,6 +14,7 @@ import (
|
|||||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
|
|
||||||
|
listenerconfig "github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
|
||||||
. "github.com/onsi/ginkgo/v2"
|
. "github.com/onsi/ginkgo/v2"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
kerrors "k8s.io/apimachinery/pkg/api/errors"
|
kerrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
@@ -103,6 +105,19 @@ var _ = Describe("Test AutoScalingListener controller", func() {
|
|||||||
|
|
||||||
Context("When creating a new AutoScalingListener", func() {
|
Context("When creating a new AutoScalingListener", func() {
|
||||||
It("It should create/add all required resources for a new AutoScalingListener (finalizer, secret, service account, role, rolebinding, pod)", func() {
|
It("It should create/add all required resources for a new AutoScalingListener (finalizer, secret, service account, role, rolebinding, pod)", func() {
|
||||||
|
config := new(corev1.Secret)
|
||||||
|
Eventually(
|
||||||
|
func() error {
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerConfigName(autoscalingListener), Namespace: configSecret.Namespace}, config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
autoscalingListenerTestTimeout,
|
||||||
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(Succeed(), "Config secret should be created")
|
||||||
|
|
||||||
// Check if finalizer is added
|
// Check if finalizer is added
|
||||||
created := new(actionsv1alpha1.AutoscalingListener)
|
created := new(actionsv1alpha1.AutoscalingListener)
|
||||||
Eventually(
|
Eventually(
|
||||||
@@ -203,7 +218,8 @@ var _ = Describe("Test AutoScalingListener controller", func() {
|
|||||||
return pod.Name, nil
|
return pod.Name, nil
|
||||||
},
|
},
|
||||||
autoscalingListenerTestTimeout,
|
autoscalingListenerTestTimeout,
|
||||||
autoscalingListenerTestInterval).Should(BeEquivalentTo(autoscalingListener.Name), "Pod should be created")
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(BeEquivalentTo(autoscalingListener.Name), "Pod should be created")
|
||||||
|
|
||||||
// Delete the AutoScalingListener
|
// Delete the AutoScalingListener
|
||||||
err := k8sClient.Delete(ctx, autoscalingListener)
|
err := k8sClient.Delete(ctx, autoscalingListener)
|
||||||
@@ -225,7 +241,41 @@ var _ = Describe("Test AutoScalingListener controller", func() {
|
|||||||
return nil
|
return nil
|
||||||
},
|
},
|
||||||
autoscalingListenerTestTimeout,
|
autoscalingListenerTestTimeout,
|
||||||
autoscalingListenerTestInterval).ShouldNot(Succeed(), "failed to delete pod")
|
autoscalingListenerTestInterval,
|
||||||
|
).ShouldNot(Succeed(), "failed to delete pod")
|
||||||
|
|
||||||
|
// Cleanup the listener role binding
|
||||||
|
Eventually(
|
||||||
|
func() bool {
|
||||||
|
roleBinding := new(rbacv1.RoleBinding)
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerRoleName(autoscalingListener), Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace}, roleBinding)
|
||||||
|
return kerrors.IsNotFound(err)
|
||||||
|
},
|
||||||
|
autoscalingListenerTestTimeout,
|
||||||
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(BeTrue(), "failed to delete role binding")
|
||||||
|
|
||||||
|
// Cleanup the listener role
|
||||||
|
Eventually(
|
||||||
|
func() bool {
|
||||||
|
role := new(rbacv1.Role)
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerRoleName(autoscalingListener), Namespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace}, role)
|
||||||
|
return kerrors.IsNotFound(err)
|
||||||
|
},
|
||||||
|
autoscalingListenerTestTimeout,
|
||||||
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(BeTrue(), "failed to delete role")
|
||||||
|
|
||||||
|
// Cleanup the listener config
|
||||||
|
Eventually(
|
||||||
|
func() bool {
|
||||||
|
config := new(corev1.Secret)
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerConfigName(autoscalingListener), Namespace: autoscalingListener.Namespace}, config)
|
||||||
|
return kerrors.IsNotFound(err)
|
||||||
|
},
|
||||||
|
autoscalingListenerTestTimeout,
|
||||||
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(BeTrue(), "failed to delete config secret")
|
||||||
|
|
||||||
// Cleanup the listener service account
|
// Cleanup the listener service account
|
||||||
Eventually(
|
Eventually(
|
||||||
@@ -375,7 +425,7 @@ var _ = Describe("Test AutoScalingListener customization", func() {
|
|||||||
Spec: corev1.PodSpec{
|
Spec: corev1.PodSpec{
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
{
|
{
|
||||||
Name: "listener",
|
Name: autoscalingListenerContainerName,
|
||||||
ImagePullPolicy: corev1.PullAlways,
|
ImagePullPolicy: corev1.PullAlways,
|
||||||
SecurityContext: &corev1.SecurityContext{
|
SecurityContext: &corev1.SecurityContext{
|
||||||
RunAsUser: &runAsUser,
|
RunAsUser: &runAsUser,
|
||||||
@@ -477,6 +527,17 @@ var _ = Describe("Test AutoScalingListener customization", func() {
|
|||||||
autoscalingListenerTestTimeout,
|
autoscalingListenerTestTimeout,
|
||||||
autoscalingListenerTestInterval).Should(BeEquivalentTo(autoscalingListenerFinalizerName), "AutoScalingListener should have a finalizer")
|
autoscalingListenerTestInterval).Should(BeEquivalentTo(autoscalingListenerFinalizerName), "AutoScalingListener should have a finalizer")
|
||||||
|
|
||||||
|
// Check if config is created
|
||||||
|
config := new(corev1.Secret)
|
||||||
|
Eventually(
|
||||||
|
func() error {
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: scaleSetListenerConfigName(autoscalingListener), Namespace: autoscalingListener.Namespace}, config)
|
||||||
|
return err
|
||||||
|
},
|
||||||
|
autoscalingListenerTestTimeout,
|
||||||
|
autoscalingListenerTestInterval,
|
||||||
|
).Should(Succeed(), "Config secret should be created")
|
||||||
|
|
||||||
// Check if pod is created
|
// Check if pod is created
|
||||||
pod := new(corev1.Pod)
|
pod := new(corev1.Pod)
|
||||||
Eventually(
|
Eventually(
|
||||||
@@ -494,7 +555,7 @@ var _ = Describe("Test AutoScalingListener customization", func() {
|
|||||||
|
|
||||||
Expect(pod.Spec.SecurityContext.RunAsUser).To(Equal(&runAsUser), "Pod should have the correct security context")
|
Expect(pod.Spec.SecurityContext.RunAsUser).To(Equal(&runAsUser), "Pod should have the correct security context")
|
||||||
|
|
||||||
Expect(pod.Spec.Containers[0].Name).NotTo(Equal("listener"), "Pod should have the correct container name")
|
Expect(pod.Spec.Containers[0].Name).To(Equal(autoscalingListenerContainerName), "Pod should have the correct container name")
|
||||||
Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(&runAsUser), "Pod should have the correct security context")
|
Expect(pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(&runAsUser), "Pod should have the correct security context")
|
||||||
Expect(pod.Spec.Containers[0].ImagePullPolicy).To(Equal(corev1.PullAlways), "Pod should have the correct image pull policy")
|
Expect(pod.Spec.Containers[0].ImagePullPolicy).To(Equal(corev1.PullAlways), "Pod should have the correct image pull policy")
|
||||||
|
|
||||||
@@ -793,7 +854,7 @@ var _ = Describe("Test AutoScalingListener controller with template modification
|
|||||||
Spec: corev1.PodSpec{
|
Spec: corev1.PodSpec{
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
{
|
{
|
||||||
Name: "listener",
|
Name: autoscalingListenerContainerName,
|
||||||
ImagePullPolicy: corev1.PullAlways,
|
ImagePullPolicy: corev1.PullAlways,
|
||||||
SecurityContext: &corev1.SecurityContext{
|
SecurityContext: &corev1.SecurityContext{
|
||||||
RunAsUser: &runAsUser1001,
|
RunAsUser: &runAsUser1001,
|
||||||
@@ -965,31 +1026,26 @@ var _ = Describe("Test GitHub Server TLS configuration", func() {
|
|||||||
})
|
})
|
||||||
|
|
||||||
Context("When creating a new AutoScalingListener", func() {
|
Context("When creating a new AutoScalingListener", func() {
|
||||||
It("It should set the certificates as an environment variable on the pod", func() {
|
It("It should set the certificates in the config of the pod", func() {
|
||||||
pod := new(corev1.Pod)
|
config := new(corev1.Secret)
|
||||||
Eventually(
|
Eventually(
|
||||||
func(g Gomega) {
|
func(g Gomega) {
|
||||||
err := k8sClient.Get(
|
err := k8sClient.Get(
|
||||||
ctx,
|
ctx,
|
||||||
client.ObjectKey{
|
client.ObjectKey{
|
||||||
Name: autoscalingListener.Name,
|
Name: scaleSetListenerConfigName(autoscalingListener),
|
||||||
Namespace: autoscalingListener.Namespace,
|
Namespace: autoscalingListener.Namespace,
|
||||||
},
|
},
|
||||||
pod,
|
config,
|
||||||
)
|
)
|
||||||
|
|
||||||
g.Expect(err).NotTo(HaveOccurred(), "failed to get pod")
|
g.Expect(err).NotTo(HaveOccurred(), "failed to get pod")
|
||||||
g.Expect(pod.Spec.Containers).NotTo(BeEmpty(), "pod should have containers")
|
|
||||||
g.Expect(pod.Spec.Containers[0].Env).NotTo(BeEmpty(), "pod should have env variables")
|
|
||||||
|
|
||||||
var env *corev1.EnvVar
|
g.Expect(config.Data["config.json"]).ToNot(BeEmpty(), "listener configuration file should not be empty")
|
||||||
for _, e := range pod.Spec.Containers[0].Env {
|
|
||||||
if e.Name == "GITHUB_SERVER_ROOT_CA" {
|
var listenerConfig listenerconfig.Config
|
||||||
env = &e
|
err = json.Unmarshal(config.Data["config.json"], &listenerConfig)
|
||||||
break
|
g.Expect(err).NotTo(HaveOccurred(), "failed to parse listener configuration file")
|
||||||
}
|
|
||||||
}
|
|
||||||
g.Expect(env).NotTo(BeNil(), "pod should have an env variable named GITHUB_SERVER_ROOT_CA_PATH")
|
|
||||||
|
|
||||||
cert, err := os.ReadFile(filepath.Join(
|
cert, err := os.ReadFile(filepath.Join(
|
||||||
"../../",
|
"../../",
|
||||||
@@ -1000,7 +1056,7 @@ var _ = Describe("Test GitHub Server TLS configuration", func() {
|
|||||||
))
|
))
|
||||||
g.Expect(err).NotTo(HaveOccurred(), "failed to read rootCA.crt")
|
g.Expect(err).NotTo(HaveOccurred(), "failed to read rootCA.crt")
|
||||||
|
|
||||||
g.Expect(env.Value).To(
|
g.Expect(listenerConfig.ServerRootCA).To(
|
||||||
BeEquivalentTo(string(cert)),
|
BeEquivalentTo(string(cert)),
|
||||||
"GITHUB_SERVER_ROOT_CA should be the rootCA.crt",
|
"GITHUB_SERVER_ROOT_CA should be the rootCA.crt",
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -39,7 +39,6 @@ import (
|
|||||||
"sigs.k8s.io/controller-runtime/pkg/handler"
|
"sigs.k8s.io/controller-runtime/pkg/handler"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/predicate"
|
"sigs.k8s.io/controller-runtime/pkg/predicate"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/source"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@@ -467,6 +466,8 @@ func (r *AutoscalingRunnerSetReconciler) createRunnerScaleSet(ctx context.Contex
|
|||||||
Version: build.Version,
|
Version: build.Version,
|
||||||
CommitSHA: build.CommitSHA,
|
CommitSHA: build.CommitSHA,
|
||||||
ScaleSetID: runnerScaleSet.Id,
|
ScaleSetID: runnerScaleSet.Id,
|
||||||
|
HasProxy: autoscalingRunnerSet.Spec.Proxy != nil,
|
||||||
|
Subsystem: "controller",
|
||||||
})
|
})
|
||||||
|
|
||||||
logger.Info("Created/Reused a runner scale set", "id", runnerScaleSet.Id, "runnerGroupName", runnerScaleSet.RunnerGroupName)
|
logger.Info("Created/Reused a runner scale set", "id", runnerScaleSet.Id, "runnerGroupName", runnerScaleSet.RunnerGroupName)
|
||||||
@@ -774,8 +775,8 @@ func (r *AutoscalingRunnerSetReconciler) SetupWithManager(mgr ctrl.Manager) erro
|
|||||||
return ctrl.NewControllerManagedBy(mgr).
|
return ctrl.NewControllerManagedBy(mgr).
|
||||||
For(&v1alpha1.AutoscalingRunnerSet{}).
|
For(&v1alpha1.AutoscalingRunnerSet{}).
|
||||||
Owns(&v1alpha1.EphemeralRunnerSet{}).
|
Owns(&v1alpha1.EphemeralRunnerSet{}).
|
||||||
Watches(&source.Kind{Type: &v1alpha1.AutoscalingListener{}}, handler.EnqueueRequestsFromMapFunc(
|
Watches(&v1alpha1.AutoscalingListener{}, handler.EnqueueRequestsFromMapFunc(
|
||||||
func(o client.Object) []reconcile.Request {
|
func(_ context.Context, o client.Object) []reconcile.Request {
|
||||||
autoscalingListener := o.(*v1alpha1.AutoscalingListener)
|
autoscalingListener := o.(*v1alpha1.AutoscalingListener)
|
||||||
return []reconcile.Request{
|
return []reconcile.Request{
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -2,7 +2,6 @@ package actionsgithubcom
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/actions/actions-runner-controller/logging"
|
"github.com/actions/actions-runner-controller/logging"
|
||||||
corev1 "k8s.io/api/core/v1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@@ -59,10 +58,6 @@ const (
|
|||||||
AnnotationKeyNoPermissionServiceAccountName = "actions.github.com/cleanup-no-permission-service-account-name"
|
AnnotationKeyNoPermissionServiceAccountName = "actions.github.com/cleanup-no-permission-service-account-name"
|
||||||
)
|
)
|
||||||
|
|
||||||
// DefaultScaleSetListenerImagePullPolicy is the default pull policy applied
|
|
||||||
// to the listener when ImagePullPolicy is not specified
|
|
||||||
const DefaultScaleSetListenerImagePullPolicy = corev1.PullIfNotPresent
|
|
||||||
|
|
||||||
// DefaultScaleSetListenerLogLevel is the default log level applied
|
// DefaultScaleSetListenerLogLevel is the default log level applied
|
||||||
const DefaultScaleSetListenerLogLevel = string(logging.LogLevelDebug)
|
const DefaultScaleSetListenerLogLevel = string(logging.LogLevelDebug)
|
||||||
|
|
||||||
@@ -71,3 +66,9 @@ const DefaultScaleSetListenerLogFormat = string(logging.LogFormatText)
|
|||||||
|
|
||||||
// ownerKey is field selector matching the owner name of a particular resource
|
// ownerKey is field selector matching the owner name of a particular resource
|
||||||
const resourceOwnerKey = ".metadata.controller"
|
const resourceOwnerKey = ".metadata.controller"
|
||||||
|
|
||||||
|
// EphemeralRunner pod creation failure reasons
|
||||||
|
const (
|
||||||
|
ReasonTooManyPodFailures = "TooManyPodFailures"
|
||||||
|
ReasonInvalidPodFailure = "InvalidPod"
|
||||||
|
)
|
||||||
|
|||||||
@@ -191,7 +191,8 @@ func (r *EphemeralRunnerReconciler) Reconcile(ctx context.Context, req ctrl.Requ
|
|||||||
|
|
||||||
case len(ephemeralRunner.Status.Failures) > 5:
|
case len(ephemeralRunner.Status.Failures) > 5:
|
||||||
log.Info("EphemeralRunner has failed more than 5 times. Marking it as failed")
|
log.Info("EphemeralRunner has failed more than 5 times. Marking it as failed")
|
||||||
if err := r.markAsFailed(ctx, ephemeralRunner, log); err != nil {
|
errMessage := fmt.Sprintf("Pod has failed to start more than 5 times: %s", pod.Status.Message)
|
||||||
|
if err := r.markAsFailed(ctx, ephemeralRunner, errMessage, ReasonTooManyPodFailures, log); err != nil {
|
||||||
log.Error(err, "Failed to set ephemeral runner to phase Failed")
|
log.Error(err, "Failed to set ephemeral runner to phase Failed")
|
||||||
return ctrl.Result{}, err
|
return ctrl.Result{}, err
|
||||||
}
|
}
|
||||||
@@ -200,7 +201,22 @@ func (r *EphemeralRunnerReconciler) Reconcile(ctx context.Context, req ctrl.Requ
|
|||||||
default:
|
default:
|
||||||
// Pod was not found. Create if the pod has never been created
|
// Pod was not found. Create if the pod has never been created
|
||||||
log.Info("Creating new EphemeralRunner pod.")
|
log.Info("Creating new EphemeralRunner pod.")
|
||||||
return r.createPod(ctx, ephemeralRunner, secret, log)
|
result, err := r.createPod(ctx, ephemeralRunner, secret, log)
|
||||||
|
switch {
|
||||||
|
case err == nil:
|
||||||
|
return result, nil
|
||||||
|
case kerrors.IsInvalid(err) || kerrors.IsForbidden(err):
|
||||||
|
log.Error(err, "Failed to create a pod due to unrecoverable failure")
|
||||||
|
errMessage := fmt.Sprintf("Failed to create the pod: %v", err)
|
||||||
|
if err := r.markAsFailed(ctx, ephemeralRunner, errMessage, ReasonInvalidPodFailure, log); err != nil {
|
||||||
|
log.Error(err, "Failed to set ephemeral runner to phase Failed")
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
|
return ctrl.Result{}, nil
|
||||||
|
default:
|
||||||
|
log.Error(err, "Failed to create the pod")
|
||||||
|
return ctrl.Result{}, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -423,12 +439,12 @@ func (r *EphemeralRunnerReconciler) cleanupRunnerLinkedSecrets(ctx context.Conte
|
|||||||
return false, multierr.Combine(errs...)
|
return false, multierr.Combine(errs...)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *EphemeralRunnerReconciler) markAsFailed(ctx context.Context, ephemeralRunner *v1alpha1.EphemeralRunner, log logr.Logger) error {
|
func (r *EphemeralRunnerReconciler) markAsFailed(ctx context.Context, ephemeralRunner *v1alpha1.EphemeralRunner, errMessage string, reason string, log logr.Logger) error {
|
||||||
log.Info("Updating ephemeral runner status to Failed")
|
log.Info("Updating ephemeral runner status to Failed")
|
||||||
if err := patchSubResource(ctx, r.Status(), ephemeralRunner, func(obj *v1alpha1.EphemeralRunner) {
|
if err := patchSubResource(ctx, r.Status(), ephemeralRunner, func(obj *v1alpha1.EphemeralRunner) {
|
||||||
obj.Status.Phase = corev1.PodFailed
|
obj.Status.Phase = corev1.PodFailed
|
||||||
obj.Status.Reason = "TooManyPodFailures"
|
obj.Status.Reason = reason
|
||||||
obj.Status.Message = "Pod has failed to start more than 5 times"
|
obj.Status.Message = errMessage
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return fmt.Errorf("failed to update ephemeral runner status Phase/Message: %v", err)
|
return fmt.Errorf("failed to update ephemeral runner status Phase/Message: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -189,6 +189,25 @@ var _ = Describe("EphemeralRunner", func() {
|
|||||||
).Should(BeEquivalentTo(true))
|
).Should(BeEquivalentTo(true))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("It should failed if a pod template is invalid", func() {
|
||||||
|
invalideEphemeralRunner := newExampleRunner("invalid-ephemeral-runner", autoscalingNS.Name, configSecret.Name)
|
||||||
|
invalideEphemeralRunner.Spec.Spec.PriorityClassName = "notexist"
|
||||||
|
|
||||||
|
err := k8sClient.Create(ctx, invalideEphemeralRunner)
|
||||||
|
Expect(err).To(BeNil())
|
||||||
|
|
||||||
|
updated := new(v1alpha1.EphemeralRunner)
|
||||||
|
Eventually(func() (corev1.PodPhase, error) {
|
||||||
|
err := k8sClient.Get(ctx, client.ObjectKey{Name: invalideEphemeralRunner.Name, Namespace: invalideEphemeralRunner.Namespace}, updated)
|
||||||
|
if err != nil {
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
return updated.Status.Phase, nil
|
||||||
|
}, timeout, interval).Should(BeEquivalentTo(corev1.PodFailed))
|
||||||
|
Expect(updated.Status.Reason).Should(Equal("InvalidPod"))
|
||||||
|
Expect(updated.Status.Message).Should(Equal("Failed to create the pod: pods \"invalid-ephemeral-runner\" is forbidden: no PriorityClass with name notexist was found"))
|
||||||
|
})
|
||||||
|
|
||||||
It("It should clean up resources when deleted", func() {
|
It("It should clean up resources when deleted", func() {
|
||||||
// wait for pod to be created
|
// wait for pod to be created
|
||||||
pod := new(corev1.Pod)
|
pod := new(corev1.Pod)
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ import (
|
|||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/manager"
|
"sigs.k8s.io/controller-runtime/pkg/manager"
|
||||||
)
|
)
|
||||||
@@ -45,8 +46,11 @@ func createNamespace(t ginkgo.GinkgoTInterface, client client.Client) (*corev1.N
|
|||||||
})
|
})
|
||||||
|
|
||||||
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
||||||
Namespace: ns.Name,
|
Cache: cache.Options{
|
||||||
MetricsBindAddress: "0",
|
DefaultNamespaces: map[string]cache.Config{
|
||||||
|
ns.Name: {},
|
||||||
|
},
|
||||||
|
},
|
||||||
})
|
})
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
package actionsgithubcom
|
package actionsgithubcom
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
"math"
|
||||||
"net"
|
"net"
|
||||||
@@ -9,6 +11,7 @@ import (
|
|||||||
|
|
||||||
"github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
|
"github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
|
||||||
"github.com/actions/actions-runner-controller/build"
|
"github.com/actions/actions-runner-controller/build"
|
||||||
|
listenerconfig "github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
|
||||||
"github.com/actions/actions-runner-controller/github/actions"
|
"github.com/actions/actions-runner-controller/github/actions"
|
||||||
"github.com/actions/actions-runner-controller/hash"
|
"github.com/actions/actions-runner-controller/hash"
|
||||||
"github.com/actions/actions-runner-controller/logging"
|
"github.com/actions/actions-runner-controller/logging"
|
||||||
@@ -33,37 +36,13 @@ var commonLabelKeys = [...]string{
|
|||||||
LabelKeyGitHubRepository,
|
LabelKeyGitHubRepository,
|
||||||
}
|
}
|
||||||
|
|
||||||
var reservedListenerContainerEnvKeys = map[string]struct{}{
|
|
||||||
"GITHUB_CONFIGURE_URL": {},
|
|
||||||
"GITHUB_EPHEMERAL_RUNNER_SET_NAMESPACE": {},
|
|
||||||
"GITHUB_EPHEMERAL_RUNNER_SET_NAME": {},
|
|
||||||
"GITHUB_MAX_RUNNERS": {},
|
|
||||||
"GITHUB_MIN_RUNNERS": {},
|
|
||||||
"GITHUB_RUNNER_SCALE_SET_ID": {},
|
|
||||||
"GITHUB_RUNNER_LOG_LEVEL": {},
|
|
||||||
"GITHUB_RUNNER_LOG_FORMAT": {},
|
|
||||||
"GITHUB_TOKEN": {},
|
|
||||||
"GITHUB_APP_ID": {},
|
|
||||||
"GITHUB_APP_INSTALLATION_ID": {},
|
|
||||||
"GITHUB_APP_PRIVATE_KEY": {},
|
|
||||||
}
|
|
||||||
|
|
||||||
const labelValueKubernetesPartOf = "gha-runner-scale-set"
|
const labelValueKubernetesPartOf = "gha-runner-scale-set"
|
||||||
|
|
||||||
var scaleSetListenerLogLevel = DefaultScaleSetListenerLogLevel
|
var (
|
||||||
var scaleSetListenerLogFormat = DefaultScaleSetListenerLogFormat
|
scaleSetListenerLogLevel = DefaultScaleSetListenerLogLevel
|
||||||
|
scaleSetListenerLogFormat = DefaultScaleSetListenerLogFormat
|
||||||
var scaleSetListenerImagePullPolicy = DefaultScaleSetListenerImagePullPolicy
|
scaleSetListenerEntrypoint = "/ghalistener"
|
||||||
|
)
|
||||||
func SetListenerImagePullPolicy(pullPolicy string) bool {
|
|
||||||
switch p := corev1.PullPolicy(pullPolicy); p {
|
|
||||||
case corev1.PullAlways, corev1.PullIfNotPresent, corev1.PullNever:
|
|
||||||
scaleSetListenerImagePullPolicy = p
|
|
||||||
return true
|
|
||||||
default:
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func SetListenerLoggingParameters(level string, format string) bool {
|
func SetListenerLoggingParameters(level string, format string) bool {
|
||||||
switch level {
|
switch level {
|
||||||
@@ -83,6 +62,12 @@ func SetListenerLoggingParameters(level string, format string) bool {
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func SetListenerEntrypoint(entrypoint string) {
|
||||||
|
if entrypoint != "" {
|
||||||
|
scaleSetListenerEntrypoint = entrypoint
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
type resourceBuilder struct{}
|
type resourceBuilder struct{}
|
||||||
|
|
||||||
func (b *resourceBuilder) newAutoScalingListener(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet, ephemeralRunnerSet *v1alpha1.EphemeralRunnerSet, namespace, image string, imagePullSecrets []corev1.LocalObjectReference) (*v1alpha1.AutoscalingListener, error) {
|
func (b *resourceBuilder) newAutoScalingListener(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet, ephemeralRunnerSet *v1alpha1.EphemeralRunnerSet, namespace, image string, imagePullSecrets []corev1.LocalObjectReference) (*v1alpha1.AutoscalingListener, error) {
|
||||||
@@ -144,151 +129,137 @@ type listenerMetricsServerConfig struct {
|
|||||||
endpoint string
|
endpoint string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *resourceBuilder) newScaleSetListenerPod(autoscalingListener *v1alpha1.AutoscalingListener, serviceAccount *corev1.ServiceAccount, secret *corev1.Secret, metricsConfig *listenerMetricsServerConfig, envs ...corev1.EnvVar) (*corev1.Pod, error) {
|
func (lm *listenerMetricsServerConfig) containerPort() (corev1.ContainerPort, error) {
|
||||||
|
_, portStr, err := net.SplitHostPort(lm.addr)
|
||||||
|
if err != nil {
|
||||||
|
return corev1.ContainerPort{}, err
|
||||||
|
}
|
||||||
|
port, err := strconv.ParseInt(portStr, 10, 32)
|
||||||
|
if err != nil {
|
||||||
|
return corev1.ContainerPort{}, err
|
||||||
|
}
|
||||||
|
return corev1.ContainerPort{
|
||||||
|
ContainerPort: int32(port),
|
||||||
|
Protocol: corev1.ProtocolTCP,
|
||||||
|
Name: "metrics",
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *resourceBuilder) newScaleSetListenerConfig(autoscalingListener *v1alpha1.AutoscalingListener, secret *corev1.Secret, metricsConfig *listenerMetricsServerConfig, cert string) (*corev1.Secret, error) {
|
||||||
|
var (
|
||||||
|
metricsAddr = ""
|
||||||
|
metricsEndpoint = ""
|
||||||
|
)
|
||||||
|
if metricsConfig != nil {
|
||||||
|
metricsAddr = metricsConfig.addr
|
||||||
|
metricsEndpoint = metricsConfig.endpoint
|
||||||
|
}
|
||||||
|
|
||||||
|
var appID int64
|
||||||
|
if id, ok := secret.Data["github_app_id"]; ok {
|
||||||
|
var err error
|
||||||
|
appID, err = strconv.ParseInt(string(id), 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to convert github_app_id to int: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var appInstallationID int64
|
||||||
|
if id, ok := secret.Data["github_app_installation_id"]; ok {
|
||||||
|
var err error
|
||||||
|
appInstallationID, err = strconv.ParseInt(string(id), 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to convert github_app_installation_id to int: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
config := listenerconfig.Config{
|
||||||
|
ConfigureUrl: autoscalingListener.Spec.GitHubConfigUrl,
|
||||||
|
AppID: appID,
|
||||||
|
AppInstallationID: appInstallationID,
|
||||||
|
AppPrivateKey: string(secret.Data["github_app_private_key"]),
|
||||||
|
Token: string(secret.Data["github_token"]),
|
||||||
|
EphemeralRunnerSetNamespace: autoscalingListener.Spec.AutoscalingRunnerSetNamespace,
|
||||||
|
EphemeralRunnerSetName: autoscalingListener.Spec.EphemeralRunnerSetName,
|
||||||
|
MaxRunners: autoscalingListener.Spec.MaxRunners,
|
||||||
|
MinRunners: autoscalingListener.Spec.MinRunners,
|
||||||
|
RunnerScaleSetId: autoscalingListener.Spec.RunnerScaleSetId,
|
||||||
|
RunnerScaleSetName: autoscalingListener.Spec.AutoscalingRunnerSetName,
|
||||||
|
ServerRootCA: cert,
|
||||||
|
LogLevel: scaleSetListenerLogLevel,
|
||||||
|
LogFormat: scaleSetListenerLogFormat,
|
||||||
|
MetricsAddr: metricsAddr,
|
||||||
|
MetricsEndpoint: metricsEndpoint,
|
||||||
|
}
|
||||||
|
|
||||||
|
var buf bytes.Buffer
|
||||||
|
if err := json.NewEncoder(&buf).Encode(config); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to encode config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &corev1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: scaleSetListenerConfigName(autoscalingListener),
|
||||||
|
Namespace: autoscalingListener.Namespace,
|
||||||
|
},
|
||||||
|
Data: map[string][]byte{
|
||||||
|
"config.json": buf.Bytes(),
|
||||||
|
},
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *resourceBuilder) newScaleSetListenerPod(autoscalingListener *v1alpha1.AutoscalingListener, podConfig *corev1.Secret, serviceAccount *corev1.ServiceAccount, secret *corev1.Secret, metricsConfig *listenerMetricsServerConfig, envs ...corev1.EnvVar) (*corev1.Pod, error) {
|
||||||
listenerEnv := []corev1.EnvVar{
|
listenerEnv := []corev1.EnvVar{
|
||||||
{
|
{
|
||||||
Name: "GITHUB_CONFIGURE_URL",
|
Name: "LISTENER_CONFIG_PATH",
|
||||||
Value: autoscalingListener.Spec.GitHubConfigUrl,
|
Value: "/etc/gha-listener/config.json",
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_EPHEMERAL_RUNNER_SET_NAMESPACE",
|
|
||||||
Value: autoscalingListener.Spec.AutoscalingRunnerSetNamespace,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_EPHEMERAL_RUNNER_SET_NAME",
|
|
||||||
Value: autoscalingListener.Spec.EphemeralRunnerSetName,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_MAX_RUNNERS",
|
|
||||||
Value: strconv.Itoa(autoscalingListener.Spec.MaxRunners),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_MIN_RUNNERS",
|
|
||||||
Value: strconv.Itoa(autoscalingListener.Spec.MinRunners),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_RUNNER_SCALE_SET_ID",
|
|
||||||
Value: strconv.Itoa(autoscalingListener.Spec.RunnerScaleSetId),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_RUNNER_SCALE_SET_NAME",
|
|
||||||
Value: autoscalingListener.Spec.AutoscalingRunnerSetName,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_RUNNER_LOG_LEVEL",
|
|
||||||
Value: scaleSetListenerLogLevel,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "GITHUB_RUNNER_LOG_FORMAT",
|
|
||||||
Value: scaleSetListenerLogFormat,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
listenerEnv = append(listenerEnv, envs...)
|
listenerEnv = append(listenerEnv, envs...)
|
||||||
|
|
||||||
if _, ok := secret.Data["github_token"]; ok {
|
|
||||||
listenerEnv = append(listenerEnv, corev1.EnvVar{
|
|
||||||
Name: "GITHUB_TOKEN",
|
|
||||||
ValueFrom: &corev1.EnvVarSource{
|
|
||||||
SecretKeyRef: &corev1.SecretKeySelector{
|
|
||||||
LocalObjectReference: corev1.LocalObjectReference{
|
|
||||||
Name: secret.Name,
|
|
||||||
},
|
|
||||||
Key: "github_token",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, ok := secret.Data["github_app_id"]; ok {
|
|
||||||
listenerEnv = append(listenerEnv, corev1.EnvVar{
|
|
||||||
Name: "GITHUB_APP_ID",
|
|
||||||
ValueFrom: &corev1.EnvVarSource{
|
|
||||||
SecretKeyRef: &corev1.SecretKeySelector{
|
|
||||||
LocalObjectReference: corev1.LocalObjectReference{
|
|
||||||
Name: secret.Name,
|
|
||||||
},
|
|
||||||
Key: "github_app_id",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, ok := secret.Data["github_app_installation_id"]; ok {
|
|
||||||
listenerEnv = append(listenerEnv, corev1.EnvVar{
|
|
||||||
Name: "GITHUB_APP_INSTALLATION_ID",
|
|
||||||
ValueFrom: &corev1.EnvVarSource{
|
|
||||||
SecretKeyRef: &corev1.SecretKeySelector{
|
|
||||||
LocalObjectReference: corev1.LocalObjectReference{
|
|
||||||
Name: secret.Name,
|
|
||||||
},
|
|
||||||
Key: "github_app_installation_id",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, ok := secret.Data["github_app_private_key"]; ok {
|
|
||||||
listenerEnv = append(listenerEnv, corev1.EnvVar{
|
|
||||||
Name: "GITHUB_APP_PRIVATE_KEY",
|
|
||||||
ValueFrom: &corev1.EnvVarSource{
|
|
||||||
SecretKeyRef: &corev1.SecretKeySelector{
|
|
||||||
LocalObjectReference: corev1.LocalObjectReference{
|
|
||||||
Name: secret.Name,
|
|
||||||
},
|
|
||||||
Key: "github_app_private_key",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
var ports []corev1.ContainerPort
|
var ports []corev1.ContainerPort
|
||||||
if metricsConfig != nil && len(metricsConfig.addr) != 0 {
|
if metricsConfig != nil && len(metricsConfig.addr) != 0 {
|
||||||
listenerEnv = append(
|
port, err := metricsConfig.containerPort()
|
||||||
listenerEnv,
|
|
||||||
corev1.EnvVar{
|
|
||||||
Name: "GITHUB_METRICS_ADDR",
|
|
||||||
Value: metricsConfig.addr,
|
|
||||||
},
|
|
||||||
corev1.EnvVar{
|
|
||||||
Name: "GITHUB_METRICS_ENDPOINT",
|
|
||||||
Value: metricsConfig.endpoint,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
||||||
_, portStr, err := net.SplitHostPort(metricsConfig.addr)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to split host:port for metrics address: %v", err)
|
return nil, fmt.Errorf("failed to convert metrics server address to container port: %v", err)
|
||||||
}
|
}
|
||||||
port, err := strconv.ParseInt(portStr, 10, 32)
|
ports = append(ports, port)
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to convert port %q to int32: %v", portStr, err)
|
|
||||||
}
|
|
||||||
ports = append(
|
|
||||||
ports,
|
|
||||||
corev1.ContainerPort{
|
|
||||||
ContainerPort: int32(port),
|
|
||||||
Protocol: corev1.ProtocolTCP,
|
|
||||||
Name: "metrics",
|
|
||||||
},
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
terminationGracePeriodSeconds := int64(60)
|
||||||
podSpec := corev1.PodSpec{
|
podSpec := corev1.PodSpec{
|
||||||
ServiceAccountName: serviceAccount.Name,
|
ServiceAccountName: serviceAccount.Name,
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
{
|
{
|
||||||
Name: autoscalingListenerContainerName,
|
Name: autoscalingListenerContainerName,
|
||||||
Image: autoscalingListener.Spec.Image,
|
Image: autoscalingListener.Spec.Image,
|
||||||
Env: listenerEnv,
|
Env: listenerEnv,
|
||||||
ImagePullPolicy: scaleSetListenerImagePullPolicy,
|
|
||||||
Command: []string{
|
Command: []string{
|
||||||
"/github-runnerscaleset-listener",
|
scaleSetListenerEntrypoint,
|
||||||
},
|
},
|
||||||
Ports: ports,
|
Ports: ports,
|
||||||
|
VolumeMounts: []corev1.VolumeMount{
|
||||||
|
{
|
||||||
|
Name: "listener-config",
|
||||||
|
MountPath: "/etc/gha-listener",
|
||||||
|
ReadOnly: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ImagePullSecrets: autoscalingListener.Spec.ImagePullSecrets,
|
Volumes: []corev1.Volume{
|
||||||
RestartPolicy: corev1.RestartPolicyNever,
|
{
|
||||||
|
Name: "listener-config",
|
||||||
|
VolumeSource: corev1.VolumeSource{
|
||||||
|
Secret: &corev1.SecretVolumeSource{
|
||||||
|
SecretName: podConfig.Name,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
ImagePullSecrets: autoscalingListener.Spec.ImagePullSecrets,
|
||||||
|
RestartPolicy: corev1.RestartPolicyNever,
|
||||||
|
TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
|
||||||
}
|
}
|
||||||
|
|
||||||
labels := make(map[string]string, len(autoscalingListener.Labels))
|
labels := make(map[string]string, len(autoscalingListener.Labels))
|
||||||
@@ -340,7 +311,7 @@ func mergeListenerPodWithTemplate(pod *corev1.Pod, tmpl *corev1.PodTemplateSpec)
|
|||||||
c := &tmpl.Spec.Containers[i]
|
c := &tmpl.Spec.Containers[i]
|
||||||
|
|
||||||
switch c.Name {
|
switch c.Name {
|
||||||
case "listener":
|
case autoscalingListenerContainerName:
|
||||||
mergeListenerContainer(listenerContainer, c)
|
mergeListenerContainer(listenerContainer, c)
|
||||||
default:
|
default:
|
||||||
pod.Spec.Containers = append(pod.Spec.Containers, *c)
|
pod.Spec.Containers = append(pod.Spec.Containers, *c)
|
||||||
@@ -348,7 +319,7 @@ func mergeListenerPodWithTemplate(pod *corev1.Pod, tmpl *corev1.PodTemplateSpec)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// apply pod related spec
|
// apply pod related spec
|
||||||
// NOTE: fields that should be gnored
|
// NOTE: fields that should be ignored
|
||||||
// - service account based fields
|
// - service account based fields
|
||||||
|
|
||||||
if tmpl.Spec.RestartPolicy != "" {
|
if tmpl.Spec.RestartPolicy != "" {
|
||||||
@@ -359,7 +330,7 @@ func mergeListenerPodWithTemplate(pod *corev1.Pod, tmpl *corev1.PodTemplateSpec)
|
|||||||
pod.Spec.ImagePullSecrets = tmpl.Spec.ImagePullSecrets
|
pod.Spec.ImagePullSecrets = tmpl.Spec.ImagePullSecrets
|
||||||
}
|
}
|
||||||
|
|
||||||
pod.Spec.Volumes = tmpl.Spec.Volumes
|
pod.Spec.Volumes = append(pod.Spec.Volumes, tmpl.Spec.Volumes...)
|
||||||
pod.Spec.InitContainers = tmpl.Spec.InitContainers
|
pod.Spec.InitContainers = tmpl.Spec.InitContainers
|
||||||
pod.Spec.EphemeralContainers = tmpl.Spec.EphemeralContainers
|
pod.Spec.EphemeralContainers = tmpl.Spec.EphemeralContainers
|
||||||
pod.Spec.TerminationGracePeriodSeconds = tmpl.Spec.TerminationGracePeriodSeconds
|
pod.Spec.TerminationGracePeriodSeconds = tmpl.Spec.TerminationGracePeriodSeconds
|
||||||
@@ -405,16 +376,9 @@ func mergeListenerContainer(base, from *corev1.Container) {
|
|||||||
base.Command = from.Command
|
base.Command = from.Command
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, v := range from.Env {
|
base.Env = append(base.Env, from.Env...)
|
||||||
if _, ok := reservedListenerContainerEnvKeys[v.Name]; !ok {
|
|
||||||
base.Env = append(base.Env, v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if from.ImagePullPolicy != "" {
|
|
||||||
base.ImagePullPolicy = from.ImagePullPolicy
|
|
||||||
}
|
|
||||||
|
|
||||||
|
base.ImagePullPolicy = from.ImagePullPolicy
|
||||||
base.Args = append(base.Args, from.Args...)
|
base.Args = append(base.Args, from.Args...)
|
||||||
base.WorkingDir = from.WorkingDir
|
base.WorkingDir = from.WorkingDir
|
||||||
base.Ports = append(base.Ports, from.Ports...)
|
base.Ports = append(base.Ports, from.Ports...)
|
||||||
@@ -430,6 +394,8 @@ func mergeListenerContainer(base, from *corev1.Container) {
|
|||||||
base.TerminationMessagePolicy = from.TerminationMessagePolicy
|
base.TerminationMessagePolicy = from.TerminationMessagePolicy
|
||||||
base.ImagePullPolicy = from.ImagePullPolicy
|
base.ImagePullPolicy = from.ImagePullPolicy
|
||||||
base.SecurityContext = from.SecurityContext
|
base.SecurityContext = from.SecurityContext
|
||||||
|
base.ResizePolicy = from.ResizePolicy
|
||||||
|
base.RestartPolicy = from.RestartPolicy
|
||||||
base.Stdin = from.Stdin
|
base.Stdin = from.Stdin
|
||||||
base.StdinOnce = from.StdinOnce
|
base.StdinOnce = from.StdinOnce
|
||||||
base.TTY = from.TTY
|
base.TTY = from.TTY
|
||||||
@@ -682,6 +648,10 @@ func (b *resourceBuilder) newEphemeralRunnerJitSecret(ephemeralRunner *v1alpha1.
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func scaleSetListenerConfigName(autoscalingListener *v1alpha1.AutoscalingListener) string {
|
||||||
|
return fmt.Sprintf("%s-config", autoscalingListener.Name)
|
||||||
|
}
|
||||||
|
|
||||||
func scaleSetListenerName(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet) string {
|
func scaleSetListenerName(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet) string {
|
||||||
namespaceHash := hash.FNVHashString(autoscalingRunnerSet.Namespace)
|
namespaceHash := hash.FNVHashString(autoscalingRunnerSet.Namespace)
|
||||||
if len(namespaceHash) > 8 {
|
if len(namespaceHash) > 8 {
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ func TestLabelPropagation(t *testing.T) {
|
|||||||
Name: "test",
|
Name: "test",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
listenerPod, err := b.newScaleSetListenerPod(listener, listenerServiceAccount, listenerSecret, nil)
|
listenerPod, err := b.newScaleSetListenerPod(listener, &corev1.Secret{}, listenerServiceAccount, listenerSecret, nil)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, listenerPod.Labels, listener.Labels)
|
assert.Equal(t, listenerPod.Labels, listener.Labels)
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,9 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/types"
|
"k8s.io/apimachinery/pkg/types"
|
||||||
"k8s.io/client-go/kubernetes/scheme"
|
"k8s.io/client-go/kubernetes/scheme"
|
||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
|
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
|
||||||
|
|
||||||
. "github.com/onsi/ginkgo/v2"
|
. "github.com/onsi/ginkgo/v2"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
@@ -69,8 +71,14 @@ func SetupIntegrationTest(ctx2 context.Context) *testEnvironment {
|
|||||||
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
||||||
|
|
||||||
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
||||||
Namespace: ns.Name,
|
Cache: cache.Options{
|
||||||
MetricsBindAddress: "0",
|
DefaultNamespaces: map[string]cache.Config{
|
||||||
|
ns.Name: {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Metrics: metricsserver.Options{
|
||||||
|
BindAddress: "0",
|
||||||
|
},
|
||||||
})
|
})
|
||||||
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
||||||
|
|
||||||
|
|||||||
@@ -13,12 +13,14 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/types"
|
"k8s.io/apimachinery/pkg/types"
|
||||||
"k8s.io/client-go/kubernetes/scheme"
|
"k8s.io/client-go/kubernetes/scheme"
|
||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
|
|
||||||
. "github.com/onsi/ginkgo/v2"
|
. "github.com/onsi/ginkgo/v2"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||||
|
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
|
||||||
|
|
||||||
actionsv1alpha1 "github.com/actions/actions-runner-controller/apis/actions.summerwind.net/v1alpha1"
|
actionsv1alpha1 "github.com/actions/actions-runner-controller/apis/actions.summerwind.net/v1alpha1"
|
||||||
)
|
)
|
||||||
@@ -143,8 +145,14 @@ func SetupDeploymentTest(ctx2 context.Context) *corev1.Namespace {
|
|||||||
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
||||||
|
|
||||||
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
||||||
Namespace: ns.Name,
|
Cache: cache.Options{
|
||||||
MetricsBindAddress: "0",
|
DefaultNamespaces: map[string]cache.Config{
|
||||||
|
ns.Name: {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Metrics: metricsserver.Options{
|
||||||
|
BindAddress: "0",
|
||||||
|
},
|
||||||
})
|
})
|
||||||
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,9 @@ import (
|
|||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/client-go/kubernetes/scheme"
|
"k8s.io/client-go/kubernetes/scheme"
|
||||||
ctrl "sigs.k8s.io/controller-runtime"
|
ctrl "sigs.k8s.io/controller-runtime"
|
||||||
|
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
|
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
|
||||||
|
|
||||||
. "github.com/onsi/ginkgo/v2"
|
. "github.com/onsi/ginkgo/v2"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
@@ -46,8 +48,14 @@ func SetupTest(ctx2 context.Context) *corev1.Namespace {
|
|||||||
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
|
||||||
|
|
||||||
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
|
||||||
Namespace: ns.Name,
|
Cache: cache.Options{
|
||||||
MetricsBindAddress: "0",
|
DefaultNamespaces: map[string]cache.Config{
|
||||||
|
ns.Name: {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Metrics: metricsserver.Options{
|
||||||
|
BindAddress: "0",
|
||||||
|
},
|
||||||
})
|
})
|
||||||
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
Expect(err).NotTo(HaveOccurred(), "failed to create manager")
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,8 @@
|
|||||||
# About ARC
|
# About ARC
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> This documentation covers the legacy mode of ARC (resources in the `actions.summerwind.net` namespace). If you're looking for documentation on the newer autoscaling runner scale sets, it is available in [GitHub Docs](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller). To understand why these resources are considered legacy (and the benefits of using the newer autoscaling runner scale sets), read [this discussion (#2775)](https://github.com/actions/actions-runner-controller/discussions/2775).
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
This document provides a high-level overview of Actions Runner Controller (ARC). ARC enables running Github Actions Runners on Kubernetes (K8s) clusters.
|
This document provides a high-level overview of Actions Runner Controller (ARC). ARC enables running Github Actions Runners on Kubernetes (K8s) clusters.
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# Customize listener pod
|
# Customize listener pod
|
||||||
|
|
||||||
**Status**: Proposed
|
**Status**: Done
|
||||||
|
|
||||||
## Context
|
## Context
|
||||||
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user