From 4b1eb3156ba40ba373354880e3e3464d04eee544 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Mon, 19 Aug 2024 23:19:38 -0400 Subject: [PATCH 01/99] Implemented TargetAllocator deployment and other dependencies from upstream. --- apis/v1alpha1/allocation_strategy.go | 18 + apis/v1alpha1/amazoncloudwatchagent_types.go | 84 +++++ controllers/common.go | 2 + go.mod | 1 + go.sum | 2 + internal/config/main.go | 24 +- internal/config/options.go | 2 + .../adapters/config_to_prom_config.go | 320 ++++++++++++++++++ .../manifests/targetallocator/annotations.go | 43 +++ .../manifests/targetallocator/configmap.go | 92 +++++ .../manifests/targetallocator/container.go | 91 +++++ .../manifests/targetallocator/deployment.go | 56 +++ internal/manifests/targetallocator/labels.go | 31 ++ internal/manifests/targetallocator/service.go | 36 ++ .../targetallocator/serviceaccount.go | 38 +++ .../targetallocator/targetallocator.go | 33 ++ internal/manifests/targetallocator/volume.go | 31 ++ internal/naming/main.go | 30 ++ 18 files changed, 930 insertions(+), 4 deletions(-) create mode 100644 apis/v1alpha1/allocation_strategy.go create mode 100644 internal/manifests/targetallocator/adapters/config_to_prom_config.go create mode 100644 internal/manifests/targetallocator/annotations.go create mode 100644 internal/manifests/targetallocator/configmap.go create mode 100644 internal/manifests/targetallocator/container.go create mode 100644 internal/manifests/targetallocator/deployment.go create mode 100644 internal/manifests/targetallocator/labels.go create mode 100644 internal/manifests/targetallocator/service.go create mode 100644 internal/manifests/targetallocator/serviceaccount.go create mode 100644 internal/manifests/targetallocator/targetallocator.go create mode 100644 internal/manifests/targetallocator/volume.go diff --git a/apis/v1alpha1/allocation_strategy.go b/apis/v1alpha1/allocation_strategy.go new file mode 100644 index 000000000..1ff113c11 --- /dev/null +++ b/apis/v1alpha1/allocation_strategy.go @@ -0,0 +1,18 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +type ( + // AmazonCloudWatchAgentTargetAllocatorAllocationStrategy represent which strategy to distribute target to each collector + // +kubebuilder:validation:Enum=least-weighted;consistent-hashing + AmazonCloudWatchAgentTargetAllocatorAllocationStrategy string +) + +const ( + // AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted targets will be distributed to collector with fewer targets currently assigned. + AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted AmazonCloudWatchAgentTargetAllocatorAllocationStrategy = "least-weighted" + + // AmazonCloudWatchAgentTargetAllocatorAllocationStrategyConsistentHashing targets will be consistently added to collectors, which allows a high-availability setup. + AmazonCloudWatchAgentTargetAllocatorAllocationStrategyConsistentHashing AmazonCloudWatchAgentTargetAllocatorAllocationStrategy = "consistent-hashing" +) diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go index 67c38c4f7..4e9fa16bc 100644 --- a/apis/v1alpha1/amazoncloudwatchagent_types.go +++ b/apis/v1alpha1/amazoncloudwatchagent_types.go @@ -143,6 +143,9 @@ type AmazonCloudWatchAgentSpec struct { // Collector and Target Allocator pods. // +optional PodAnnotations map[string]string `json:"podAnnotations,omitempty"` + // TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. + // +optional + TargetAllocator AmazonCloudWatchAgentTargetAllocator `json:"targetAllocator,omitempty"` // Mode represents how the collector should be deployed (deployment, daemonset, statefulset or sidecar) // +optional Mode Mode `json:"mode,omitempty"` @@ -273,6 +276,87 @@ type AmazonCloudWatchAgentSpec struct { UpdateStrategy appsv1.DaemonSetUpdateStrategy `json:"updateStrategy,omitempty"` } +// AmazonCloudWatchAgentTargetAllocator defines the configurations for the Prometheus target allocator. +type AmazonCloudWatchAgentTargetAllocator struct { + // Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value + // other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy + // that can be run in a high availability mode is consistent-hashing. + // +optional + Replicas *int32 `json:"replicas,omitempty"` + // NodeSelector to schedule OpenTelemetry TargetAllocator pods. + // +optional + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // Resources to set on the OpenTelemetryTargetAllocator containers. + // +optional + Resources v1.ResourceRequirements `json:"resources,omitempty"` + // AllocationStrategy determines which strategy the target allocator should use for allocation. + // The current options are least-weighted and consistent-hashing. The default option is least-weighted + // +optional + AllocationStrategy AmazonCloudWatchAgentTargetAllocatorAllocationStrategy `json:"allocationStrategy,omitempty"` + // FilterStrategy determines how to filter targets before allocating them among the collectors. + // The only current option is relabel-config (drops targets based on prom relabel_config). + // Filtering is disabled by default. + // +optional + FilterStrategy string `json:"filterStrategy,omitempty"` + // ServiceAccount indicates the name of an existing service account to use with this instance. When set, + // the operator will not automatically create a ServiceAccount for the TargetAllocator. + // +optional + ServiceAccount string `json:"serviceAccount,omitempty"` + // Image indicates the container image to use for the OpenTelemetry TargetAllocator. + // +optional + Image string `json:"image,omitempty"` + // Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not. + // +optional + Enabled bool `json:"enabled,omitempty"` + // If specified, indicates the pod's scheduling constraints + // +optional + Affinity *v1.Affinity `json:"affinity,omitempty"` + // PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. + // All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. + // +optional + PrometheusCR AmazonCloudWatchAgentTargetAllocatorPrometheusCR `json:"prometheusCR,omitempty"` + // SecurityContext configures the container security context for + // the targetallocator. + // +optional + SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // TopologySpreadConstraints embedded kubernetes pod configuration option, + // controls how pods are spread across your cluster among failure-domains + // such as regions, zones, nodes, and other user-defined topology domains + // https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // Toleration embedded kubernetes pod configuration option, + // controls how pods can be scheduled with matching taints + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be + // consumed in the config file for the TargetAllocator. + // +optional + Env []v1.EnvVar `json:"env,omitempty"` +} + +type AmazonCloudWatchAgentTargetAllocatorPrometheusCR struct { + // Enabled indicates whether to use a PrometheusOperator custom resources as targets or not. + // +optional + Enabled bool `json:"enabled,omitempty"` + // Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + // + // Default: "30s" + // +kubebuilder:default:="30s" + // +kubebuilder:validation:Format:=duration + ScrapeInterval *metav1.Duration `json:"scrapeInterval,omitempty"` + // PodMonitors to be selected for target discovery. + // This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + // PodMonitor's meta labels. The requirements are ANDed. + // +optional + PodMonitorSelector map[string]string `json:"podMonitorSelector,omitempty"` + // ServiceMonitors to be selected for target discovery. + // This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + // ServiceMonitor's meta labels. The requirements are ANDed. + // +optional + ServiceMonitorSelector map[string]string `json:"serviceMonitorSelector,omitempty"` +} + // ScaleSubresourceStatus defines the observed state of the AmazonCloudWatchAgent's // scale subresource. type ScaleSubresourceStatus struct { diff --git a/controllers/common.go b/controllers/common.go index c3b844ca1..0f5d8660f 100644 --- a/controllers/common.go +++ b/controllers/common.go @@ -23,6 +23,7 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator" ) const ( @@ -44,6 +45,7 @@ func isNamespaceScoped(obj client.Object) bool { func BuildCollector(params manifests.Params) ([]client.Object, error) { builders := []manifests.Builder{ collector.Build, + targetallocator.Build, } var resources []client.Object for _, builder := range builders { diff --git a/go.mod b/go.mod index feb43eded..2c1a77918 100644 --- a/go.mod +++ b/go.mod @@ -120,6 +120,7 @@ require ( github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect + github.com/operator-framework/operator-lib v0.11.0 // indirect github.com/ovh/go-ovh v1.4.3 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 4b4041235..01d3cbf2a 100644 --- a/go.sum +++ b/go.sum @@ -352,6 +352,8 @@ github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrB github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/openshift/api v0.0.0-20180801171038-322a19404e37 h1:05irGU4HK4IauGGDbsk+ZHrm1wOzMLYjMlfaiqMrBYc= github.com/openshift/api v0.0.0-20180801171038-322a19404e37/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= +github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= +github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/internal/config/main.go b/internal/config/main.go index 24c345164..6b7676749 100644 --- a/internal/config/main.go +++ b/internal/config/main.go @@ -12,7 +12,8 @@ import ( ) const ( - defaultCollectorConfigMapEntry = "cwagentconfig.json" + defaultCollectorConfigMapEntry = "cwagentconfig.json" + defaultTargetAllocatorConfigMapEntry = "targetallocator.yaml" ) // Config holds the static configuration for this operator. @@ -29,6 +30,8 @@ type Config struct { autoInstrumentationJavaImage string dcgmExporterImage string neuronMonitorImage string + targetAllocatorImage string + targetAllocatorConfigMapEntry string labelsFilter []string } @@ -36,9 +39,10 @@ type Config struct { func New(opts ...Option) Config { // initialize with the default values o := options{ - collectorConfigMapEntry: defaultCollectorConfigMapEntry, - logger: logf.Log.WithName("config"), - version: version.Get(), + collectorConfigMapEntry: defaultCollectorConfigMapEntry, + targetAllocatorConfigMapEntry: defaultTargetAllocatorConfigMapEntry, + logger: logf.Log.WithName("config"), + version: version.Get(), } for _, opt := range opts { opt(&o) @@ -57,6 +61,8 @@ func New(opts ...Option) Config { autoInstrumentationNginxImage: o.autoInstrumentationNginxImage, dcgmExporterImage: o.dcgmExporterImage, neuronMonitorImage: o.neuronMonitorImage, + targetAllocatorImage: o.targetAllocatorImage, + targetAllocatorConfigMapEntry: o.targetAllocatorConfigMapEntry, labelsFilter: o.labelsFilter, } } @@ -116,6 +122,16 @@ func (c *Config) NeuronMonitorImage() string { return c.neuronMonitorImage } +// TargetAllocatorImage represents the flag to override the OpenTelemetry TargetAllocator container image. +func (c *Config) TargetAllocatorImage() string { + return c.targetAllocatorImage +} + +// TargetAllocatorConfigMapEntry represents the configuration file name for the TargetAllocator. Immutable. +func (c *Config) TargetAllocatorConfigMapEntry() string { + return c.targetAllocatorConfigMapEntry +} + // LabelsFilter Returns the filters converted to regex strings used to filter out unwanted labels from propagations. func (c *Config) LabelsFilter() []string { return c.labelsFilter diff --git a/internal/config/options.go b/internal/config/options.go index c54122ca2..ba365be0e 100644 --- a/internal/config/options.go +++ b/internal/config/options.go @@ -29,6 +29,8 @@ type options struct { collectorConfigMapEntry string dcgmExporterImage string neuronMonitorImage string + targetAllocatorImage string + targetAllocatorConfigMapEntry string labelsFilter []string } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go new file mode 100644 index 000000000..cb69435ac --- /dev/null +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -0,0 +1,320 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package adapters + +import ( + "errors" + "fmt" + "net/url" + "regexp" + "strings" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" +) + +func errorNoComponent(component string) error { + return fmt.Errorf("no %s available as part of the configuration", component) +} + +func errorNotAMapAtIndex(component string, index int) error { + return fmt.Errorf("index %d: %s property in the configuration doesn't contain a valid map: %s", index, component, component) +} + +func errorNotAMap(component string) error { + return fmt.Errorf("%s property in the configuration doesn't contain valid %s", component, component) +} + +func errorNotAList(component string) error { + return fmt.Errorf("%s must be a list in the config", component) +} + +func errorNotAListAtIndex(component string, index int) error { + return fmt.Errorf("index %d: %s property in the configuration doesn't contain a valid index: %s", index, component, component) +} + +func errorNotAStringAtIndex(component string, index int) error { + return fmt.Errorf("index %d: %s property in the configuration doesn't contain a valid string: %s", index, component, component) +} + +// getScrapeConfigsFromPromConfig extracts the scrapeConfig array from prometheus receiver config. +func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface{}) ([]interface{}, error) { + prometheusConfigProperty, ok := promReceiverConfig["config"] + if !ok { + return nil, errorNoComponent("prometheusConfig") + } + + prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("prometheusConfig") + } + + scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] + if !ok { + return nil, errorNoComponent("scrape_configs") + } + + scrapeConfigs, ok := scrapeConfigsProperty.([]interface{}) + if !ok { + return nil, errorNotAList("scrape_configs") + } + + return scrapeConfigs, nil +} + +// ConfigToPromConfig converts the incoming configuration object into the Prometheus receiver config. +func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { + config, err := adapters.ConfigFromString(cfg) + if err != nil { + return nil, err + } + + receiversProperty, ok := config["receivers"] + if !ok { + return nil, errorNoComponent("receivers") + } + + receivers, ok := receiversProperty.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("receivers") + } + + prometheusProperty, ok := receivers["prometheus"] + if !ok { + return nil, errorNoComponent("prometheus") + } + + prometheus, ok := prometheusProperty.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("prometheus") + } + + return prometheus, nil +} + +// UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of +// both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. +func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { + prometheus, err := ConfigToPromConfig(cfg) + if err != nil { + return nil, err + } + + scrapeConfigs, err := getScrapeConfigsFromPromConfig(prometheus) + if err != nil { + return nil, err + } + + for i, config := range scrapeConfigs { + scrapeConfig, ok := config.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMapAtIndex("scrape_config", i) + } + + relabelConfigsProperty, ok := scrapeConfig["relabel_configs"] + if !ok { + continue + } + + relabelConfigs, ok := relabelConfigsProperty.([]interface{}) + if !ok { + return nil, errorNotAListAtIndex("relabel_configs", i) + } + + for i, rc := range relabelConfigs { + relabelConfig, rcErr := rc.(map[interface{}]interface{}) + if !rcErr { + return nil, errorNotAMapAtIndex("relabel_config", i) + } + + replacementProperty, rcErr := relabelConfig["replacement"] + if !rcErr { + continue + } + + replacement, rcErr := replacementProperty.(string) + if !rcErr { + return nil, errorNotAStringAtIndex("replacement", i) + } + + relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") + } + + metricRelabelConfigsProperty, ok := scrapeConfig["metric_relabel_configs"] + if !ok { + continue + } + + metricRelabelConfigs, ok := metricRelabelConfigsProperty.([]interface{}) + if !ok { + return nil, errorNotAListAtIndex("metric_relabel_configs", i) + } + + for i, rc := range metricRelabelConfigs { + relabelConfig, ok := rc.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMapAtIndex("metric_relabel_config", i) + } + + replacementProperty, ok := relabelConfig["replacement"] + if !ok { + continue + } + + replacement, ok := replacementProperty.(string) + if !ok { + return nil, errorNotAStringAtIndex("replacement", i) + } + + relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") + } + } + + return prometheus, nil +} + +// AddHTTPSDConfigToPromConfig adds HTTP SD (Service Discovery) configuration to the Prometheus configuration. +// This function removes any existing service discovery configurations (e.g., `sd_configs`, `dns_sd_configs`, `file_sd_configs`, etc.) +// from the `scrape_configs` section and adds a single `http_sd_configs` configuration. +// The `http_sd_configs` points to the TA (Target Allocator) endpoint that provides the list of targets for the given job. +func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { + prometheusConfigProperty, ok := prometheus["config"] + if !ok { + return nil, errorNoComponent("prometheusConfig") + } + + prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("prometheusConfig") + } + + scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] + if !ok { + return nil, errorNoComponent("scrape_configs") + } + + scrapeConfigs, ok := scrapeConfigsProperty.([]interface{}) + if !ok { + return nil, errorNotAList("scrape_configs") + } + + sdRegex := regexp.MustCompile(`^.*(sd|static)_configs$`) + + for i, config := range scrapeConfigs { + scrapeConfig, ok := config.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMapAtIndex("scrape_config", i) + } + + // Check for other types of service discovery configs (e.g. dns_sd_configs, file_sd_configs, etc.) + for key := range scrapeConfig { + keyStr, keyErr := key.(string) + if !keyErr { + continue + } + if sdRegex.MatchString(keyStr) { + delete(scrapeConfig, key) + } + } + + jobNameProperty, ok := scrapeConfig["job_name"] + if !ok { + return nil, errorNotAStringAtIndex("job_name", i) + } + + jobName, ok := jobNameProperty.(string) + if !ok { + return nil, errorNotAStringAtIndex("job_name is not a string", i) + } + + escapedJob := url.QueryEscape(jobName) + scrapeConfig["http_sd_configs"] = []interface{}{ + map[string]interface{}{ + "url": fmt.Sprintf("http://%s:80/jobs/%s/targets?collector_id=$POD_NAME", taServiceName, escapedJob), + }, + } + } + + return prometheus, nil +} + +// AddTAConfigToPromConfig adds or updates the target_allocator configuration in the Prometheus configuration. +// If the `EnableTargetAllocatorRewrite` feature flag for the target allocator is enabled, this function +// removes the existing scrape_configs from the collector's Prometheus configuration as it's not required. +func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { + prometheusConfigProperty, ok := prometheus["config"] + if !ok { + return nil, errorNoComponent("prometheusConfig") + } + + prometheusCfg, ok := prometheusConfigProperty.(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("prometheusConfig") + } + + // Create the TargetAllocConfig dynamically if it doesn't exist + if prometheus["target_allocator"] == nil { + prometheus["target_allocator"] = make(map[interface{}]interface{}) + } + + targetAllocatorCfg, ok := prometheus["target_allocator"].(map[interface{}]interface{}) + if !ok { + return nil, errorNotAMap("target_allocator") + } + + targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:80", taServiceName) + targetAllocatorCfg["interval"] = "30s" + targetAllocatorCfg["collector_id"] = "${POD_NAME}" + + // Remove the scrape_configs key from the map + delete(prometheusCfg, "scrape_configs") + + return prometheus, nil +} + +// ValidatePromConfig checks if the prometheus receiver config is valid given other collector-level settings. +func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabled bool, targetAllocatorRewriteEnabled bool) error { + _, promConfigExists := config["config"] + + if targetAllocatorEnabled { + if targetAllocatorRewriteEnabled { // if rewrite is enabled, we will add a target_allocator section during rewrite + return nil + } + _, targetAllocatorExists := config["target_allocator"] + + // otherwise, either the target_allocator or config section needs to be here + if !(promConfigExists || targetAllocatorExists) { + return errors.New("either target allocator or prometheus config needs to be present") + } + + return nil + } + // if target allocator isn't enabled, we need a config section + if !promConfigExists { + return errorNoComponent("prometheusConfig") + } + + return nil +} + +// ValidateTargetAllocatorConfig checks if the Target Allocator config is valid +// In order for Target Allocator to do anything useful, at least one of the following has to be true: +// - at least one scrape config has to be defined in Prometheus receiver configuration +// - PrometheusCR has to be enabled in target allocator settings +func ValidateTargetAllocatorConfig(targetAllocatorPrometheusCR bool, promReceiverConfig map[interface{}]interface{}) error { + + if targetAllocatorPrometheusCR { + return nil + } + // if PrometheusCR isn't enabled, we need at least one scrape config + scrapeConfigs, err := getScrapeConfigsFromPromConfig(promReceiverConfig) + if err != nil { + return err + } + + if len(scrapeConfigs) == 0 { + return fmt.Errorf("either at least one scrape config needs to be defined or PrometheusCR needs to be enabled") + } + + return nil +} diff --git a/internal/manifests/targetallocator/annotations.go b/internal/manifests/targetallocator/annotations.go new file mode 100644 index 000000000..f86a30be7 --- /dev/null +++ b/internal/manifests/targetallocator/annotations.go @@ -0,0 +1,43 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "crypto/sha256" + "fmt" + + v1 "k8s.io/api/core/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" +) + +const configMapHashAnnotationKey = "amazon-cloudwatch-agent-targetallocator-config/hash" + +// Annotations returns the annotations for the TargetAllocator Pod. +func Annotations(instance v1alpha1.AmazonCloudWatchAgent, configMap *v1.ConfigMap) map[string]string { + // Make a copy of PodAnnotations to be safe + annotations := make(map[string]string, len(instance.Spec.PodAnnotations)) + for key, value := range instance.Spec.PodAnnotations { + annotations[key] = value + } + + if configMap != nil { + cmHash := getConfigMapSHA(configMap) + if cmHash != "" { + annotations[configMapHashAnnotationKey] = getConfigMapSHA(configMap) + } + } + + return annotations +} + +// getConfigMapSHA returns the hash of the content of the TA ConfigMap. +func getConfigMapSHA(configMap *v1.ConfigMap) string { + configString, ok := configMap.Data[targetAllocatorFilename] + if !ok { + return "" + } + h := sha256.Sum256([]byte(configString)) + return fmt.Sprintf("%x", h) +} diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go new file mode 100644 index 000000000..48fc657a3 --- /dev/null +++ b/internal/manifests/targetallocator/configmap.go @@ -0,0 +1,92 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "strings" + + "gopkg.in/yaml.v2" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +const ( + targetAllocatorFilename = "targetallocator.yaml" +) + +func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { + name := naming.TAConfigMap(params.OtelCol.Name) + version := strings.Split(params.OtelCol.Spec.Image, ":") + labels := Labels(params.OtelCol, name) + if len(version) > 1 { + labels["app.kubernetes.io/version"] = version[len(version)-1] + } else { + labels["app.kubernetes.io/version"] = "latest" + } + + // Collector supports environment variable substitution, but the TA does not. + // TA ConfigMap should have a single "$", as it does not support env var substitution + prometheusReceiverConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.Config) + if err != nil { + return &corev1.ConfigMap{}, err + } + + taConfig := make(map[interface{}]interface{}) + prometheusCRConfig := make(map[interface{}]interface{}) + taConfig["label_selector"] = manifestutils.SelectorLabels(params.OtelCol.ObjectMeta, collector.ComponentAmazonCloudWatchAgent) + // We only take the "config" from the returned object, if it's present + if prometheusConfig, ok := prometheusReceiverConfig["config"]; ok { + taConfig["config"] = prometheusConfig + } + + if len(params.OtelCol.Spec.TargetAllocator.AllocationStrategy) > 0 { + taConfig["allocation_strategy"] = params.OtelCol.Spec.TargetAllocator.AllocationStrategy + } else { + taConfig["allocation_strategy"] = v1alpha1.AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted + } + + if len(params.OtelCol.Spec.TargetAllocator.FilterStrategy) > 0 { + taConfig["filter_strategy"] = params.OtelCol.Spec.TargetAllocator.FilterStrategy + } + + if params.OtelCol.Spec.TargetAllocator.PrometheusCR.ScrapeInterval.Size() > 0 { + prometheusCRConfig["scrape_interval"] = params.OtelCol.Spec.TargetAllocator.PrometheusCR.ScrapeInterval.Duration + } + + if params.OtelCol.Spec.TargetAllocator.PrometheusCR.ServiceMonitorSelector != nil { + taConfig["service_monitor_selector"] = ¶ms.OtelCol.Spec.TargetAllocator.PrometheusCR.ServiceMonitorSelector + } + + if params.OtelCol.Spec.TargetAllocator.PrometheusCR.PodMonitorSelector != nil { + taConfig["pod_monitor_selector"] = ¶ms.OtelCol.Spec.TargetAllocator.PrometheusCR.PodMonitorSelector + } + + if len(prometheusCRConfig) > 0 { + taConfig["prometheus_cr"] = prometheusCRConfig + } + + taConfigYAML, err := yaml.Marshal(taConfig) + if err != nil { + return &corev1.ConfigMap{}, err + } + + return &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: params.OtelCol.Namespace, + Labels: labels, + Annotations: params.OtelCol.Annotations, + }, + Data: map[string]string{ + targetAllocatorFilename: string(taConfigYAML), + }, + }, nil +} diff --git a/internal/manifests/targetallocator/container.go b/internal/manifests/targetallocator/container.go new file mode 100644 index 000000000..7a6931c9a --- /dev/null +++ b/internal/manifests/targetallocator/container.go @@ -0,0 +1,91 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "github.com/go-logr/logr" + "github.com/operator-framework/operator-lib/proxy" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +// Container builds a container for the given TargetAllocator. +func Container(cfg config.Config, logger logr.Logger, otelcol v1alpha1.AmazonCloudWatchAgent) corev1.Container { + image := otelcol.Spec.TargetAllocator.Image + if len(image) == 0 { + image = cfg.TargetAllocatorImage() + } + + ports := make([]corev1.ContainerPort, 0) + ports = append(ports, corev1.ContainerPort{ + Name: "http", + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + }) + + volumeMounts := []corev1.VolumeMount{{ + Name: naming.TAConfigMapVolume(), + MountPath: "/conf", + }} + + var envVars = otelcol.Spec.TargetAllocator.Env + if otelcol.Spec.TargetAllocator.Env == nil { + envVars = []corev1.EnvVar{} + } + + idx := -1 + for i := range envVars { + if envVars[i].Name == "OTELCOL_NAMESPACE" { + idx = i + } + } + if idx == -1 { + envVars = append(envVars, corev1.EnvVar{ + Name: "OTELCOL_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }) + } + + var args []string + if otelcol.Spec.TargetAllocator.PrometheusCR.Enabled { + args = append(args, "--enable-prometheus-cr-watcher") + } + readinessProbe := &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/readyz", + Port: intstr.FromInt(8080), + }, + }, + } + livenessProbe := &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/livez", + Port: intstr.FromInt(8080), + }, + }, + } + + envVars = append(envVars, proxy.ReadProxyVarsFromEnv()...) + return corev1.Container{ + Name: naming.TAContainer(), + Image: image, + Ports: ports, + Env: envVars, + VolumeMounts: volumeMounts, + Resources: otelcol.Spec.TargetAllocator.Resources, + Args: args, + LivenessProbe: livenessProbe, + ReadinessProbe: readinessProbe, + } +} diff --git a/internal/manifests/targetallocator/deployment.go b/internal/manifests/targetallocator/deployment.go new file mode 100644 index 000000000..b547f86b1 --- /dev/null +++ b/internal/manifests/targetallocator/deployment.go @@ -0,0 +1,56 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +// Deployment builds the deployment for the given instance. +func Deployment(params manifests.Params) (*appsv1.Deployment, error) { + name := naming.TargetAllocator(params.OtelCol.Name) + labels := Labels(params.OtelCol, name) + + configMap, err := ConfigMap(params) + if err != nil { + params.Log.Info("failed to construct target allocator config map for annotations") + configMap = nil + } + annotations := Annotations(params.OtelCol, configMap) + + return &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: params.OtelCol.Namespace, + Labels: labels, + }, + Spec: appsv1.DeploymentSpec{ + Replicas: params.OtelCol.Spec.TargetAllocator.Replicas, + Selector: &metav1.LabelSelector{ + MatchLabels: labels, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: labels, + Annotations: annotations, + }, + Spec: corev1.PodSpec{ + ServiceAccountName: ServiceAccountName(params.OtelCol), + Containers: []corev1.Container{Container(params.Config, params.Log, params.OtelCol)}, + Volumes: Volumes(params.Config, params.OtelCol), + NodeSelector: params.OtelCol.Spec.TargetAllocator.NodeSelector, + Tolerations: params.OtelCol.Spec.TargetAllocator.Tolerations, + TopologySpreadConstraints: params.OtelCol.Spec.TargetAllocator.TopologySpreadConstraints, + Affinity: params.OtelCol.Spec.TargetAllocator.Affinity, + SecurityContext: params.OtelCol.Spec.TargetAllocator.SecurityContext, + }, + }, + }, + }, nil +} diff --git a/internal/manifests/targetallocator/labels.go b/internal/manifests/targetallocator/labels.go new file mode 100644 index 000000000..2caf47e72 --- /dev/null +++ b/internal/manifests/targetallocator/labels.go @@ -0,0 +1,31 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +// Labels return the common labels to all TargetAllocator objects that are part of a managed AmazonCloudWatchAgent. +func Labels(instance v1alpha1.AmazonCloudWatchAgent, name string) map[string]string { + // new map every time, so that we don't touch the instance's label + base := map[string]string{} + if nil != instance.Labels { + for k, v := range instance.Labels { + base[k] = v + } + } + + base["app.kubernetes.io/managed-by"] = "amazon-cloudwatch-agent-operator" + base["app.kubernetes.io/instance"] = naming.Truncate("%s.%s", 63, instance.Namespace, instance.Name) + base["app.kubernetes.io/part-of"] = "amazon-cloudwatch-agent" + base["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" + + if _, ok := base["app.kubernetes.io/name"]; !ok { + base["app.kubernetes.io/name"] = name + } + + return base +} diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go new file mode 100644 index 000000000..0a83b2efe --- /dev/null +++ b/internal/manifests/targetallocator/service.go @@ -0,0 +1,36 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +func Service(params manifests.Params) *corev1.Service { + name := naming.TAService(params.OtelCol.Name) + labels := Labels(params.OtelCol, name) + + selector := Labels(params.OtelCol, name) + + return &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: naming.TAService(params.OtelCol.Name), + Namespace: params.OtelCol.Namespace, + Labels: labels, + }, + Spec: corev1.ServiceSpec{ + Selector: selector, + Ports: []corev1.ServicePort{{ + Name: "targetallocation", + Port: 80, + TargetPort: intstr.FromString("http"), + }}, + }, + } +} diff --git a/internal/manifests/targetallocator/serviceaccount.go b/internal/manifests/targetallocator/serviceaccount.go new file mode 100644 index 000000000..bfd7c909c --- /dev/null +++ b/internal/manifests/targetallocator/serviceaccount.go @@ -0,0 +1,38 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" +) + +// ServiceAccountName returns the name of the existing or self-provisioned service account to use for the given instance. +func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { + if len(instance.Spec.TargetAllocator.ServiceAccount) == 0 { + return naming.ServiceAccount(instance.Name) + } + + return instance.Spec.TargetAllocator.ServiceAccount +} + +// ServiceAccount returns the service account for the given instance. +func ServiceAccount(params manifests.Params) *corev1.ServiceAccount { + name := naming.TargetAllocatorServiceAccount(params.OtelCol.Name) + labels := Labels(params.OtelCol, name) + + return &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: params.OtelCol.Namespace, + Labels: labels, + Annotations: params.OtelCol.Annotations, + }, + } +} diff --git a/internal/manifests/targetallocator/targetallocator.go b/internal/manifests/targetallocator/targetallocator.go new file mode 100644 index 000000000..ebc9c2f9e --- /dev/null +++ b/internal/manifests/targetallocator/targetallocator.go @@ -0,0 +1,33 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +// Build creates the manifest for the TargetAllocator resource. +func Build(params manifests.Params) ([]client.Object, error) { + var resourceManifests []client.Object + if !params.OtelCol.Spec.TargetAllocator.Enabled { + return resourceManifests, nil + } + resourceFactories := []manifests.K8sManifestFactory{ + manifests.Factory(ConfigMap), + manifests.Factory(Deployment), + manifests.FactoryWithoutError(ServiceAccount), + manifests.FactoryWithoutError(Service), + } + for _, factory := range resourceFactories { + res, err := factory(params) + if err != nil { + return nil, err + } else if manifests.ObjectIsNotNil(res) { + resourceManifests = append(resourceManifests, res) + } + } + return resourceManifests, nil +} diff --git a/internal/manifests/targetallocator/volume.go b/internal/manifests/targetallocator/volume.go new file mode 100644 index 000000000..a4ac2ecfe --- /dev/null +++ b/internal/manifests/targetallocator/volume.go @@ -0,0 +1,31 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + corev1 "k8s.io/api/core/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +// Volumes builds the volumes for the given instance, including the config map volume. +func Volumes(cfg config.Config, otelcol v1alpha1.AmazonCloudWatchAgent) []corev1.Volume { + volumes := []corev1.Volume{{ + Name: naming.TAConfigMapVolume(), + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{Name: naming.TAConfigMap(otelcol.Name)}, + Items: []corev1.KeyToPath{ + { + Key: cfg.TargetAllocatorConfigMapEntry(), + Path: cfg.TargetAllocatorConfigMapEntry(), + }}, + }, + }, + }} + + return volumes +} diff --git a/internal/naming/main.go b/internal/naming/main.go index 251b88db9..6a89fdb90 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -9,6 +9,11 @@ func ConfigMap(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) } +// TAConfigMap returns the name for the config map used in the TargetAllocator. +func TAConfigMap(otelcol string) string { + return DNSName(Truncate("%s-targetallocator", 63, otelcol)) +} + // ConfigMapVolume returns the name to use for the config map's volume in the pod. func ConfigMapVolume() string { return "otc-internal" @@ -19,11 +24,21 @@ func ConfigMapExtra(extraConfigMapName string) string { return DNSName(Truncate("configmap-%s", 63, extraConfigMapName)) } +// TAConfigMapVolume returns the name to use for the config map's volume in the TargetAllocator pod. +func TAConfigMapVolume() string { + return "ta-internal" +} + // Container returns the name to use for the container in the pod. func Container() string { return "otc-container" } +// TAContainer returns the name to use for the container in the TargetAllocator pod. +func TAContainer() string { + return "ta-container" +} + // Collector builds the collector (deployment/daemonset) name based on the instance. func Collector(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) @@ -49,6 +64,11 @@ func AmazonCloudWatchAgentName(otelcolName string) string { return DNSName(Truncate("%s", 63, otelcolName)) } +// TargetAllocator returns the TargetAllocator deployment resource name. +func TargetAllocator(otelcol string) string { + return DNSName(Truncate("%s-targetallocator", 63, otelcol)) +} + // HeadlessService builds the name for the headless service based on the instance. func HeadlessService(otelcol string) string { return DNSName(Truncate("%s-headless", 63, Service(otelcol))) @@ -74,6 +94,11 @@ func Route(otelcol string, prefix string) string { return DNSName(Truncate("%s-%s-route", 63, prefix, otelcol)) } +// TAService returns the name to use for the TargetAllocator service. +func TAService(otelcol string) string { + return DNSName(Truncate("%s-targetallocator", 63, otelcol)) +} + // ServiceAccount builds the service account name based on the instance. func ServiceAccount(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) @@ -88,3 +113,8 @@ func ServiceMonitor(otelcol string) string { func PodMonitor(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) } + +// TargetAllocatorServiceAccount returns the TargetAllocator service account resource name. +func TargetAllocatorServiceAccount(otelcol string) string { + return DNSName(Truncate("%s-targetallocator", 63, otelcol)) +} From 0e079bda3645c07cd3cc2ec9dd12f27d99d2b71c Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 01:33:11 -0400 Subject: [PATCH 02/99] Added unit tests, organization, and relevant build files. --- Dockerfile | 3 +- Makefile | 3 +- internal/config/options.go | 6 + .../manifests/collector/config_replace.go | 63 +++ .../collector/config_replace_test.go | 192 ++++++++ internal/manifests/collector/container.go | 12 + .../adapters/config_to_prom_config_test.go | 439 ++++++++++++++++++ .../targetallocator/annotations_test.go | 52 +++ .../targetallocator/configmap_test.go | 149 ++++++ .../targetallocator/container_test.go | 359 ++++++++++++++ .../targetallocator/deployment_test.go | 361 ++++++++++++++ .../manifests/targetallocator/labels_test.go | 56 +++ .../manifests/targetallocator/service_test.go | 34 ++ .../targetallocator/serviceaccount_test.go | 48 ++ .../targetallocator/testdata/test.yaml | 22 + .../manifests/targetallocator/volume_test.go | 32 ++ internal/version/main.go | 17 +- internal/version/main_test.go | 15 + main.go | 5 + versions.txt | 3 + 20 files changed, 1868 insertions(+), 3 deletions(-) create mode 100644 internal/manifests/collector/config_replace_test.go create mode 100644 internal/manifests/targetallocator/adapters/config_to_prom_config_test.go create mode 100644 internal/manifests/targetallocator/annotations_test.go create mode 100644 internal/manifests/targetallocator/configmap_test.go create mode 100644 internal/manifests/targetallocator/container_test.go create mode 100644 internal/manifests/targetallocator/deployment_test.go create mode 100644 internal/manifests/targetallocator/labels_test.go create mode 100644 internal/manifests/targetallocator/service_test.go create mode 100644 internal/manifests/targetallocator/serviceaccount_test.go create mode 100644 internal/manifests/targetallocator/testdata/test.yaml create mode 100644 internal/manifests/targetallocator/volume_test.go diff --git a/Dockerfile b/Dockerfile index 57e479d38..366a44a63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,9 +29,10 @@ ARG AUTO_INSTRUMENTATION_PYTHON_VERSION ARG AUTO_INSTRUMENTATION_DOTNET_VERSION ARG DCMG_EXPORTER_VERSION ARG NEURON_MONITOR_VERSION +ARG TARGETALLOCATOR_VERSION # Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION}" -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGETALLOCATOR_VERSION} " -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 6df879668..00fd159c6 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" +TARGETALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep targetallocator | awk -F= '{print $$2}')" # Image URL to use all building/pushing image targets IMG_PREFIX ?= aws @@ -154,7 +155,7 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGETALLOCATOR_VERSION=${TARGETALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push diff --git a/internal/config/options.go b/internal/config/options.go index ba365be0e..a6418827e 100644 --- a/internal/config/options.go +++ b/internal/config/options.go @@ -109,6 +109,12 @@ func WithNeuronMonitorImage(s string) Option { } } +func WithTargetAllocatorImage(s string) Option { + return func(o *options) { + o.targetAllocatorImage = s + } +} + func WithLabelFilters(labelFilters []string) Option { return func(o *options) { diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index e11d2e170..f3e8f4362 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,6 +5,11 @@ package collector import ( "encoding/json" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" + promconfig "github.com/prometheus/prometheus/config" + "time" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. @@ -12,12 +17,70 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) +type targetAllocator struct { + Endpoint string `yaml:"endpoint"` + Interval time.Duration `yaml:"interval"` + CollectorID string `yaml:"collector_id"` + // HTTPSDConfig is a preference that can be set for the collector's target allocator, but the operator doesn't + // care about what the value is set to. We just need this for validation when unmarshalling the configmap. + HTTPSDConfig interface{} `yaml:"http_sd_config,omitempty"` +} + +type Config struct { + PromConfig *promconfig.Config `yaml:"config"` + TargetAllocConfig *targetAllocator `yaml:"target_allocator,omitempty"` +} + func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { + // Check if TargetAllocator is enabled, if not, return the original config + if !instance.Spec.TargetAllocator.Enabled { + return instance.Spec.Config, nil + } + config, err := adapters.ConfigFromJSONString(instance.Spec.Config) if err != nil { return "", err } + promCfgMap, getCfgPromErr := ta.ConfigToPromConfig(instance.Spec.Config) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + validateCfgPromErr := ta.ValidatePromConfig(promCfgMap, instance.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) + if validateCfgPromErr != nil { + return "", validateCfgPromErr + } + + if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + // type coercion checks are handled in the AddTAConfigToPromConfig method above + config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap + + out, updCfgMarshalErr := json.Marshal(config) + if updCfgMarshalErr != nil { + return "", updCfgMarshalErr + } + + return string(out), nil + } + + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if err != nil { + return "", err + } + + // type coercion checks are handled in the ConfigToPromConfig method above + config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap + out, err := json.Marshal(config) if err != nil { return "", err diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go new file mode 100644 index 000000000..7adad992e --- /dev/null +++ b/internal/manifests/collector/config_replace_test.go @@ -0,0 +1,192 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package collector + +import ( + "os" + "testing" + + "github.com/prometheus/prometheus/discovery/http" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + colfeaturegate "go.opentelemetry.io/collector/featuregate" + "gopkg.in/yaml.v2" + + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" +) + +func TestPrometheusParser(t *testing.T) { + param, err := newParams("test/test-img", "testdata/http_sd_config_test.yaml") + assert.NoError(t, err) + + t.Run("should update config with http_sd_config", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + require.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + // prepare + var cfg Config + promCfgMap, err := ta.ConfigToPromConfig(actualConfig) + assert.NoError(t, err) + + promCfg, err := yaml.Marshal(promCfgMap) + assert.NoError(t, err) + + err = yaml.UnmarshalStrict(promCfg, &cfg) + assert.NoError(t, err) + + // test + expectedMap := map[string]bool{ + "prometheus": false, + "service-x": false, + } + for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { + assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 1) + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "http") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-targetallocator:80/jobs/"+scrapeConfig.JobName+"/targets?collector_id=$POD_NAME") + expectedMap[scrapeConfig.JobName] = true + } + for k := range expectedMap { + assert.True(t, expectedMap[k], k) + } + assert.True(t, cfg.TargetAllocConfig == nil) + }) + + t.Run("should update config with targetAllocator block if block not present", func(t *testing.T) { + // Set up the test scenario + param.OtelCol.Spec.TargetAllocator.Enabled = true + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + // Verify the expected changes in the config + promCfgMap, err := ta.ConfigToPromConfig(actualConfig) + assert.NoError(t, err) + + prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) + + assert.NotContains(t, prometheusConfig, "scrape_configs") + + expectedTAConfig := map[interface{}]interface{}{ + "endpoint": "http://test-targetallocator:80", + "interval": "30s", + "collector_id": "${POD_NAME}", + } + assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) + assert.NoError(t, err) + }) + + t.Run("should update config with targetAllocator block if block already present", func(t *testing.T) { + // Set up the test scenario + paramTa, err := newParams("test/test-img", "testdata/http_sd_config_ta_test.yaml") + require.NoError(t, err) + paramTa.OtelCol.Spec.TargetAllocator.Enabled = true + + actualConfig, err := ReplaceConfig(paramTa.OtelCol) + assert.NoError(t, err) + + // Verify the expected changes in the config + promCfgMap, err := ta.ConfigToPromConfig(actualConfig) + assert.NoError(t, err) + + prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) + + assert.NotContains(t, prometheusConfig, "scrape_configs") + + expectedTAConfig := map[interface{}]interface{}{ + "endpoint": "http://test-targetallocator:80", + "interval": "30s", + "collector_id": "${POD_NAME}", + } + assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) + assert.NoError(t, err) + }) + + t.Run("should not update config with http_sd_config", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = false + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + // prepare + var cfg Config + promCfgMap, err := ta.ConfigToPromConfig(actualConfig) + assert.NoError(t, err) + + promCfg, err := yaml.Marshal(promCfgMap) + assert.NoError(t, err) + + err = yaml.UnmarshalStrict(promCfg, &cfg) + assert.NoError(t, err) + + // test + expectedMap := map[string]bool{ + "prometheus": false, + "service-x": false, + } + for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { + assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 2) + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "file") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[1].Name(), "static") + expectedMap[scrapeConfig.JobName] = true + } + for k := range expectedMap { + assert.True(t, expectedMap[k], k) + } + assert.True(t, cfg.TargetAllocConfig == nil) + }) + +} + +func TestReplaceConfig(t *testing.T) { + param, err := newParams("test/test-img", "testdata/relabel_config_original.yaml") + assert.NoError(t, err) + + t.Run("should not modify config when TargetAllocator is disabled", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = false + expectedConfigBytes, err := os.ReadFile("testdata/relabel_config_original.yaml") + assert.NoError(t, err) + expectedConfig := string(expectedConfigBytes) + + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) + + t.Run("should rewrite scrape configs with SD config when TargetAllocator is enabled and feature flag is not set", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + require.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + + param.OtelCol.Spec.TargetAllocator.Enabled = true + + expectedConfigBytes, err := os.ReadFile("testdata/relabel_config_expected_with_sd_config.yaml") + assert.NoError(t, err) + expectedConfig := string(expectedConfigBytes) + + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) + + t.Run("should remove scrape configs if TargetAllocator is enabled and feature flag is set", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = true + + expectedConfigBytes, err := os.ReadFile("testdata/config_expected_targetallocator.yaml") + assert.NoError(t, err) + expectedConfig := string(expectedConfigBytes) + + actualConfig, err := ReplaceConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) +} diff --git a/internal/manifests/collector/container.go b/internal/manifests/collector/container.go index 72527be74..dfed5be5e 100644 --- a/internal/manifests/collector/container.go +++ b/internal/manifests/collector/container.go @@ -75,6 +75,18 @@ func Container(cfg config.Config, logger logr.Logger, agent v1alpha1.AmazonCloud }, }) + if agent.Spec.TargetAllocator.Enabled { + // We need to add a SHARD here so the collector is able to keep targets after the hashmod operation which is + // added by default by the Prometheus operator's config generator. + // All collector instances use SHARD == 0 as they only receive targets + // allocated to them and should not use the Prometheus hashmod-based + // allocation. + envVars = append(envVars, corev1.EnvVar{ + Name: "SHARD", + Value: "0", + }) + } + if _, err := adapters.ConfigFromJSONString(agent.Spec.Config); err != nil { logger.Error(err, "error parsing config") } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go new file mode 100644 index 000000000..0fe2e8c26 --- /dev/null +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -0,0 +1,439 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package adapters_test + +import ( + "errors" + "fmt" + "net/url" + "reflect" + "testing" + + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + + "github.com/stretchr/testify/assert" +) + +func TestExtractPromConfigFromConfig(t *testing.T) { + configStr := `receivers: + examplereceiver: + endpoint: "0.0.0.0:12345" + examplereceiver/settings: + endpoint: "0.0.0.0:12346" + prometheus: + config: + scrape_config: + job_name: otel-collector + scrape_interval: 10s + jaeger/custom: + protocols: + thrift_http: + endpoint: 0.0.0.0:15268 +` + expectedData := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_config": map[interface{}]interface{}{ + "job_name": "otel-collector", + "scrape_interval": "10s", + }, + }, + } + + // test + promConfig, err := ta.ConfigToPromConfig(configStr) + assert.NoError(t, err) + + // verify + assert.Equal(t, expectedData, promConfig) +} + +func TestExtractPromConfigWithTAConfigFromConfig(t *testing.T) { + configStr := `receivers: + examplereceiver: + endpoint: "0.0.0.0:12345" + examplereceiver/settings: + endpoint: "0.0.0.0:12346" + prometheus: + config: + scrape_config: + job_name: otel-collector + scrape_interval: 10s + target_allocator: + endpoint: "test:80" + jaeger/custom: + protocols: + thrift_http: + endpoint: 0.0.0.0:15268 +` + expectedData := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_config": map[interface{}]interface{}{ + "job_name": "otel-collector", + "scrape_interval": "10s", + }, + }, + "target_allocator": map[interface{}]interface{}{ + "endpoint": "test:80", + }, + } + + // test + promConfig, err := ta.ConfigToPromConfig(configStr) + assert.NoError(t, err) + + // verify + assert.Equal(t, expectedData, promConfig) +} + +func TestExtractPromConfigFromNullConfig(t *testing.T) { + configStr := `receivers: + examplereceiver: + endpoint: "0.0.0.0:12345" + examplereceiver/settings: + endpoint: "0.0.0.0:12346" + jaeger/custom: + protocols: + thrift_http: + endpoint: 0.0.0.0:15268 +` + + // test + promConfig, err := ta.ConfigToPromConfig(configStr) + assert.Equal(t, err, fmt.Errorf("no prometheus available as part of the configuration")) + + // verify + assert.True(t, reflect.ValueOf(promConfig).IsNil()) +} + +func TestUnescapeDollarSignsInPromConfig(t *testing.T) { + actual := ` +receivers: + prometheus: + config: + scrape_configs: + - job_name: 'example' + relabel_configs: + - source_labels: ['__meta_service_id'] + target_label: 'job' + replacement: 'my_service_$$1' + - source_labels: ['__meta_service_name'] + target_label: 'instance' + replacement: '$1' + metric_relabel_configs: + - source_labels: ['job'] + target_label: 'job' + replacement: '$$1_$2' +` + expected := ` +receivers: + prometheus: + config: + scrape_configs: + - job_name: 'example' + relabel_configs: + - source_labels: ['__meta_service_id'] + target_label: 'job' + replacement: 'my_service_$1' + - source_labels: ['__meta_service_name'] + target_label: 'instance' + replacement: '$1' + metric_relabel_configs: + - source_labels: ['job'] + target_label: 'job' + replacement: '$1_$2' +` + + config, err := ta.UnescapeDollarSignsInPromConfig(actual) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + expectedConfig, err := ta.UnescapeDollarSignsInPromConfig(expected) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + if !reflect.DeepEqual(config, expectedConfig) { + t.Errorf("unexpected config: got %v, want %v", config, expectedConfig) + } +} + +func TestAddHTTPSDConfigToPromConfig(t *testing.T) { + t.Run("ValidConfiguration, add http_sd_config", func(t *testing.T) { + cfg := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{ + map[interface{}]interface{}{ + "job_name": "test_job", + "static_configs": []interface{}{ + map[interface{}]interface{}{ + "targets": []interface{}{ + "localhost:9090", + }, + }, + }, + }, + }, + }, + } + taServiceName := "test-service" + expectedCfg := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{ + map[interface{}]interface{}{ + "job_name": "test_job", + "http_sd_configs": []interface{}{ + map[string]interface{}{ + "url": fmt.Sprintf("http://%s:80/jobs/%s/targets?collector_id=$POD_NAME", taServiceName, url.QueryEscape("test_job")), + }, + }, + }, + }, + }, + } + + actualCfg, err := ta.AddHTTPSDConfigToPromConfig(cfg, taServiceName) + assert.NoError(t, err) + assert.Equal(t, expectedCfg, actualCfg) + }) + + t.Run("invalid config property, returns error", func(t *testing.T) { + cfg := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "job_name": "test_job", + "static_configs": []interface{}{ + map[interface{}]interface{}{ + "targets": []interface{}{ + "localhost:9090", + }, + }, + }, + }, + } + + taServiceName := "test-service" + + _, err := ta.AddHTTPSDConfigToPromConfig(cfg, taServiceName) + assert.Error(t, err) + assert.EqualError(t, err, "no scrape_configs available as part of the configuration") + }) +} + +func TestAddTAConfigToPromConfig(t *testing.T) { + t.Run("should return expected prom config map with TA config", func(t *testing.T) { + cfg := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{ + map[interface{}]interface{}{ + "job_name": "test_job", + "static_configs": []interface{}{ + map[interface{}]interface{}{ + "targets": []interface{}{ + "localhost:9090", + }, + }, + }, + }, + }, + }, + } + + taServiceName := "test-targetallocator" + + expectedResult := map[interface{}]interface{}{ + "config": map[interface{}]interface{}{}, + "target_allocator": map[interface{}]interface{}{ + "endpoint": "http://test-targetallocator:80", + "interval": "30s", + "collector_id": "${POD_NAME}", + }, + } + + result, err := ta.AddTAConfigToPromConfig(cfg, taServiceName) + + assert.NoError(t, err) + assert.Equal(t, expectedResult, result) + }) + + t.Run("missing or invalid prometheusConfig property, returns error", func(t *testing.T) { + testCases := []struct { + name string + cfg map[interface{}]interface{} + errText string + }{ + { + name: "missing config property", + cfg: map[interface{}]interface{}{}, + errText: "no prometheusConfig available as part of the configuration", + }, + { + name: "invalid config property", + cfg: map[interface{}]interface{}{ + "config": "invalid", + }, + errText: "prometheusConfig property in the configuration doesn't contain valid prometheusConfig", + }, + } + + taServiceName := "test-targetallocator" + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + _, err := ta.AddTAConfigToPromConfig(tc.cfg, taServiceName) + + assert.Error(t, err) + assert.EqualError(t, err, tc.errText) + }) + } + }) +} + +func TestValidatePromConfig(t *testing.T) { + testCases := []struct { + description string + config map[interface{}]interface{} + targetAllocatorEnabled bool + targetAllocatorRewriteEnabled bool + expectedError error + }{ + { + description: "target_allocator and rewrite enabled", + config: map[interface{}]interface{}{}, + targetAllocatorEnabled: true, + targetAllocatorRewriteEnabled: true, + expectedError: nil, + }, + { + description: "target_allocator enabled, target_allocator section present", + config: map[interface{}]interface{}{ + "target_allocator": map[interface{}]interface{}{}, + }, + targetAllocatorEnabled: true, + targetAllocatorRewriteEnabled: false, + expectedError: nil, + }, + { + description: "target_allocator enabled, config section present", + config: map[interface{}]interface{}{ + "config": map[interface{}]interface{}{}, + }, + targetAllocatorEnabled: true, + targetAllocatorRewriteEnabled: false, + expectedError: nil, + }, + { + description: "target_allocator enabled, neither section present", + config: map[interface{}]interface{}{}, + targetAllocatorEnabled: true, + targetAllocatorRewriteEnabled: false, + expectedError: errors.New("either target allocator or prometheus config needs to be present"), + }, + { + description: "target_allocator disabled, config section present", + config: map[interface{}]interface{}{ + "config": map[interface{}]interface{}{}, + }, + targetAllocatorEnabled: false, + targetAllocatorRewriteEnabled: false, + expectedError: nil, + }, + { + description: "target_allocator disabled, config section not present", + config: map[interface{}]interface{}{}, + targetAllocatorEnabled: false, + targetAllocatorRewriteEnabled: false, + expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), + }, + } + + for _, testCase := range testCases { + testCase := testCase + t.Run(testCase.description, func(t *testing.T) { + err := ta.ValidatePromConfig(testCase.config, testCase.targetAllocatorEnabled, testCase.targetAllocatorRewriteEnabled) + assert.Equal(t, testCase.expectedError, err) + }) + } +} + +func TestValidateTargetAllocatorConfig(t *testing.T) { + testCases := []struct { + description string + config map[interface{}]interface{} + targetAllocatorPrometheusCR bool + expectedError error + }{ + { + description: "scrape configs present and PrometheusCR enabled", + config: map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{ + map[interface{}]interface{}{ + "job_name": "test_job", + "static_configs": []interface{}{ + map[interface{}]interface{}{ + "targets": []interface{}{ + "localhost:9090", + }, + }, + }, + }, + }, + }, + }, + targetAllocatorPrometheusCR: true, + expectedError: nil, + }, + { + description: "scrape configs present and PrometheusCR disabled", + config: map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{ + map[interface{}]interface{}{ + "job_name": "test_job", + "static_configs": []interface{}{ + map[interface{}]interface{}{ + "targets": []interface{}{ + "localhost:9090", + }, + }, + }, + }, + }, + }, + }, + targetAllocatorPrometheusCR: false, + expectedError: nil, + }, + { + description: "receiver config empty and PrometheusCR enabled", + config: map[interface{}]interface{}{}, + targetAllocatorPrometheusCR: true, + expectedError: nil, + }, + { + description: "receiver config empty and PrometheusCR disabled", + config: map[interface{}]interface{}{}, + targetAllocatorPrometheusCR: false, + expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), + }, + { + description: "scrape configs empty and PrometheusCR disabled", + config: map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ + "scrape_configs": []interface{}{}, + }, + }, + targetAllocatorPrometheusCR: false, + expectedError: fmt.Errorf("either at least one scrape config needs to be defined or PrometheusCR needs to be enabled"), + }, + } + + for _, testCase := range testCases { + testCase := testCase + t.Run(testCase.description, func(t *testing.T) { + err := ta.ValidateTargetAllocatorConfig(testCase.targetAllocatorPrometheusCR, testCase.config) + assert.Equal(t, testCase.expectedError, err) + }) + } +} diff --git a/internal/manifests/targetallocator/annotations_test.go b/internal/manifests/targetallocator/annotations_test.go new file mode 100644 index 000000000..58b998791 --- /dev/null +++ b/internal/manifests/targetallocator/annotations_test.go @@ -0,0 +1,52 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "crypto/sha256" + "fmt" + "testing" + + "github.com/go-logr/logr" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +func TestPodAnnotations(t *testing.T) { + instance := collectorInstance() + instance.Spec.PodAnnotations = map[string]string{ + "key": "value", + } + annotations := Annotations(instance, nil) + assert.Subset(t, annotations, instance.Spec.PodAnnotations) +} + +func TestConfigMapHash(t *testing.T) { + cfg := config.New() + instance := collectorInstance() + params := manifests.Params{ + OtelCol: instance, + Config: cfg, + Log: logr.Discard(), + } + expectedConfigMap, err := ConfigMap(params) + require.NoError(t, err) + expectedConfig := expectedConfigMap.Data[targetAllocatorFilename] + require.NotEmpty(t, expectedConfig) + expectedHash := sha256.Sum256([]byte(expectedConfig)) + annotations := Annotations(instance, expectedConfigMap) + require.Contains(t, annotations, configMapHashAnnotationKey) + cmHash := annotations[configMapHashAnnotationKey] + assert.Equal(t, fmt.Sprintf("%x", expectedHash), cmHash) +} + +func TestInvalidConfigNoHash(t *testing.T) { + instance := collectorInstance() + instance.Spec.Config = "" + annotations := Annotations(instance, nil) + require.NotContains(t, annotations, configMapHashAnnotationKey) +} diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go new file mode 100644 index 000000000..829e2efe8 --- /dev/null +++ b/internal/manifests/targetallocator/configmap_test.go @@ -0,0 +1,149 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "testing" + "time" + + "github.com/go-logr/logr" + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +func TestDesiredConfigMap(t *testing.T) { + expectedLables := map[string]string{ + "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", + "app.kubernetes.io/instance": "default.my-instance", + "app.kubernetes.io/part-of": "amazon-cloudwatch-agent", + "app.kubernetes.io/version": "0.47.0", + } + + t.Run("should return expected target allocator config map", func(t *testing.T) { + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + + expectedData := map[string]string{ + "targetallocator.yaml": `allocation_strategy: least-weighted +config: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 + - 0.0.0.0:9999 +label_selector: + app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/instance: default.my-instance + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator + app.kubernetes.io/part-of: amazon-cloudwatch-agent +`, + } + instance := collectorInstance() + cfg := config.New() + params := manifests.Params{ + OtelCol: instance, + Config: cfg, + Log: logr.Discard(), + } + actual, err := ConfigMap(params) + assert.NoError(t, err) + + assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, expectedLables, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + + }) + t.Run("should return expected target allocator config map with label selectors", func(t *testing.T) { + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + + expectedData := map[string]string{ + "targetallocator.yaml": `allocation_strategy: least-weighted +config: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 + - 0.0.0.0:9999 +label_selector: + app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/instance: default.my-instance + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator + app.kubernetes.io/part-of: amazon-cloudwatch-agent +pod_monitor_selector: + release: my-instance +service_monitor_selector: + release: my-instance +`, + } + instance := collectorInstance() + instance.Spec.TargetAllocator.PrometheusCR.PodMonitorSelector = map[string]string{ + "release": "my-instance", + } + instance.Spec.TargetAllocator.PrometheusCR.ServiceMonitorSelector = map[string]string{ + "release": "my-instance", + } + cfg := config.New() + params := manifests.Params{ + OtelCol: instance, + Config: cfg, + Log: logr.Discard(), + } + actual, err := ConfigMap(params) + assert.NoError(t, err) + + assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, expectedLables, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + + }) + t.Run("should return expected target allocator config map with scrape interval set", func(t *testing.T) { + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + + expectedData := map[string]string{ + "targetallocator.yaml": `allocation_strategy: least-weighted +config: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 + - 0.0.0.0:9999 +label_selector: + app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/instance: default.my-instance + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator + app.kubernetes.io/part-of: amazon-cloudwatch-agent +prometheus_cr: + scrape_interval: 30s +`, + } + + collector := collectorInstance() + collector.Spec.TargetAllocator.PrometheusCR.ScrapeInterval = &metav1.Duration{Duration: time.Second * 30} + cfg := config.New() + params := manifests.Params{ + OtelCol: collector, + Config: cfg, + Log: logr.Discard(), + } + actual, err := ConfigMap(params) + assert.NoError(t, err) + + assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, expectedLables, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + + }) + +} diff --git a/internal/manifests/targetallocator/container_test.go b/internal/manifests/targetallocator/container_test.go new file mode 100644 index 000000000..aadcc775d --- /dev/null +++ b/internal/manifests/targetallocator/container_test.go @@ -0,0 +1,359 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/intstr" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +var logger = logf.Log.WithName("unit-tests") + +func TestContainerNewDefault(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{} + cfg := config.New(config.WithTargetAllocatorImage("default-image")) + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, "default-image", c.Image) +} + +func TestContainerWithImageOverridden(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "overridden-image", + }, + }, + } + cfg := config.New(config.WithTargetAllocatorImage("default-image")) + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, "overridden-image", c.Image) +} + +func TestContainerPorts(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "default-image", + }, + }, + } + cfg := config.New() + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Len(t, c.Ports, 1) + assert.Equal(t, "http", c.Ports[0].Name) + assert.Equal(t, int32(8080), c.Ports[0].ContainerPort) +} + +func TestContainerVolumes(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "default-image", + }, + }, + } + cfg := config.New() + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Len(t, c.VolumeMounts, 1) + assert.Equal(t, naming.TAConfigMapVolume(), c.VolumeMounts[0].Name) +} + +func TestContainerResourceRequirements(t *testing.T) { + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + corev1.ResourceMemory: resource.MustParse("128M"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("200m"), + corev1.ResourceMemory: resource.MustParse("256M"), + }, + }, + }, + }, + } + + cfg := config.New() + resourceTest := corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("100m"), + corev1.ResourceMemory: resource.MustParse("128M"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("200m"), + corev1.ResourceMemory: resource.MustParse("256M"), + }, + } + // test + c := Container(cfg, logger, otelcol) + resourcesValues := c.Resources + + // verify + assert.Equal(t, resourceTest, resourcesValues) +} + +func TestContainerHasEnvVars(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Env: []corev1.EnvVar{ + { + Name: "TEST_ENV", + Value: "test", + }, + }, + }, + }, + } + cfg := config.New(config.WithTargetAllocatorImage("default-image")) + + expected := corev1.Container{ + Name: "ta-container", + Image: "default-image", + Env: []corev1.EnvVar{ + { + Name: "TEST_ENV", + Value: "test", + }, + { + Name: "OTELCOL_NAMESPACE", + Value: "", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + APIVersion: "", + FieldPath: "metadata.namespace", + }, + ResourceFieldRef: nil, + ConfigMapKeyRef: nil, + SecretKeyRef: nil, + }, + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "ta-internal", + ReadOnly: false, + MountPath: "/conf", + SubPath: "", + MountPropagation: nil, + SubPathExpr: "", + }, + }, + Ports: []corev1.ContainerPort{ + { + Name: "http", + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/readyz", + Port: intstr.FromInt(8080), + }, + }, + }, + LivenessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/livez", + Port: intstr.FromInt(8080), + }, + }, + }, + } + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, expected, c) +} + +func TestContainerHasProxyEnvVars(t *testing.T) { + err := os.Setenv("NO_PROXY", "localhost") + require.NoError(t, err) + defer os.Unsetenv("NO_PROXY") + + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Env: []corev1.EnvVar{ + { + Name: "TEST_ENV", + Value: "test", + }, + }, + }, + }, + } + cfg := config.New(config.WithTargetAllocatorImage("default-image")) + + // test + c := Container(cfg, logger, otelcol) + + // verify + require.Len(t, c.Env, 4) + assert.Equal(t, corev1.EnvVar{Name: "NO_PROXY", Value: "localhost"}, c.Env[2]) + assert.Equal(t, corev1.EnvVar{Name: "no_proxy", Value: "localhost"}, c.Env[3]) +} + +func TestContainerDoesNotOverrideEnvVars(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Env: []corev1.EnvVar{ + { + Name: "OTELCOL_NAMESPACE", + Value: "test", + }, + }, + }, + }, + } + cfg := config.New(config.WithTargetAllocatorImage("default-image")) + + expected := corev1.Container{ + Name: "ta-container", + Image: "default-image", + Env: []corev1.EnvVar{ + { + Name: "OTELCOL_NAMESPACE", + Value: "test", + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "ta-internal", + ReadOnly: false, + MountPath: "/conf", + SubPath: "", + MountPropagation: nil, + SubPathExpr: "", + }, + }, + Ports: []corev1.ContainerPort{ + { + Name: "http", + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/readyz", + Port: intstr.FromInt(8080), + }, + }, + }, + LivenessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/livez", + Port: intstr.FromInt(8080), + }, + }, + }, + } + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, expected, c) +} +func TestReadinessProbe(t *testing.T) { + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + } + cfg := config.New() + expected := &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/readyz", + Port: intstr.FromInt(8080), + }, + }, + } + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, expected, c.ReadinessProbe) +} +func TestLivenessProbe(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + } + cfg := config.New() + expected := &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/livez", + Port: intstr.FromInt(8080), + }, + }, + } + + // test + c := Container(cfg, logger, otelcol) + + // verify + assert.Equal(t, expected, c.LivenessProbe) +} diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go new file mode 100644 index 000000000..96901d0ac --- /dev/null +++ b/internal/manifests/targetallocator/deployment_test.go @@ -0,0 +1,361 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "fmt" + "os" + "testing" + + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +var testTolerationValues = []v1.Toleration{ + { + Key: "hii", + Value: "greeting", + Effect: "NoSchedule", + }, +} + +var testTopologySpreadConstraintValue = []v1.TopologySpreadConstraint{ + { + MaxSkew: 1, + TopologyKey: "kubernetes.io/hostname", + WhenUnsatisfiable: "DoNotSchedule", + LabelSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "foo": "bar", + }, + }, + }, +} + +var testAffinityValue = &v1.Affinity{ + NodeAffinity: &v1.NodeAffinity{ + RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{ + NodeSelectorTerms: []v1.NodeSelectorTerm{ + { + MatchExpressions: []v1.NodeSelectorRequirement{ + { + Key: "node", + Operator: v1.NodeSelectorOpIn, + Values: []string{"test-node"}, + }, + }, + }, + }, + }, + }, +} + +var runAsUser int64 = 1000 +var runAsGroup int64 = 1000 + +var testSecurityContextValue = &v1.PodSecurityContext{ + RunAsUser: &runAsUser, + RunAsGroup: &runAsGroup, +} + +func TestDeploymentSecurityContext(t *testing.T) { + // Test default + otelcol1 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + cfg := config.New() + + params1 := manifests.Params{ + OtelCol: otelcol1, + Config: cfg, + Log: logger, + } + d1, err := Deployment(params1) + if err != nil { + t.Fatal(err) + } + assert.Empty(t, d1.Spec.Template.Spec.SecurityContext) + + // Test SecurityContext + otelcol2 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance-securitycontext", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + SecurityContext: testSecurityContextValue, + }, + }, + } + + cfg = config.New() + + params2 := manifests.Params{ + OtelCol: otelcol2, + Config: cfg, + Log: logger, + } + + d2, err := Deployment(params2) + if err != nil { + t.Fatal(err) + } + assert.Equal(t, *testSecurityContextValue, *d2.Spec.Template.Spec.SecurityContext) +} + +func TestDeploymentNewDefault(t *testing.T) { + // prepare + otelcol := collectorInstance() + cfg := config.New() + + params := manifests.Params{ + OtelCol: otelcol, + Config: cfg, + Log: logger, + } + + // test + d, err := Deployment(params) + + assert.NoError(t, err) + + // verify + assert.Equal(t, "my-instance-targetallocator", d.GetName()) + assert.Equal(t, "my-instance-targetallocator", d.GetLabels()["app.kubernetes.io/name"]) + + assert.Len(t, d.Spec.Template.Spec.Containers, 1) + + // should only have the ConfigMap hash annotation + assert.Contains(t, d.Spec.Template.Annotations, configMapHashAnnotationKey) + assert.Len(t, d.Spec.Template.Annotations, 1) + + // the pod selector should match the pod spec's labels + assert.Equal(t, d.Spec.Template.Labels, d.Spec.Selector.MatchLabels) +} + +func TestDeploymentPodAnnotations(t *testing.T) { + // prepare + testPodAnnotationValues := map[string]string{"annotation-key": "annotation-value"} + otelcol := collectorInstance() + otelcol.Spec.PodAnnotations = testPodAnnotationValues + cfg := config.New() + + params := manifests.Params{ + OtelCol: otelcol, + Config: cfg, + Log: logger, + } + + // test + ds, err := Deployment(params) + assert.NoError(t, err) + // verify + assert.Equal(t, "my-instance-targetallocator", ds.Name) + assert.Subset(t, ds.Spec.Template.Annotations, testPodAnnotationValues) +} + +func collectorInstance() v1alpha1.AmazonCloudWatchAgent { + configYAML, err := os.ReadFile("testdata/test.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + return v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + Namespace: "default", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", + Config: string(configYAML), + }, + } +} + +func TestDeploymentNodeSelector(t *testing.T) { + // Test default + otelcol1 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + cfg := config.New() + + params1 := manifests.Params{ + OtelCol: otelcol1, + Config: cfg, + Log: logger, + } + d1, err := Deployment(params1) + assert.NoError(t, err) + assert.Empty(t, d1.Spec.Template.Spec.NodeSelector) + + // Test nodeSelector + otelcol2 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance-nodeselector", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + NodeSelector: map[string]string{ + "node-key": "node-value", + }, + }, + }, + } + + cfg = config.New() + + params2 := manifests.Params{ + OtelCol: otelcol2, + Config: cfg, + Log: logger, + } + + d2, err := Deployment(params2) + assert.NoError(t, err) + assert.Equal(t, map[string]string{"node-key": "node-value"}, d2.Spec.Template.Spec.NodeSelector) +} +func TestDeploymentAffinity(t *testing.T) { + // Test default + otelcol1 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + cfg := config.New() + + params1 := manifests.Params{ + OtelCol: otelcol1, + Config: cfg, + Log: logger, + } + d1, err := Deployment(params1) + assert.NoError(t, err) + assert.Empty(t, d1.Spec.Template.Spec.Affinity) + + // Test affinity + otelcol2 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance-affinity", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Affinity: testAffinityValue, + }, + }, + } + + cfg = config.New() + + params2 := manifests.Params{ + OtelCol: otelcol2, + Config: cfg, + Log: logger, + } + + d2, err := Deployment(params2) + assert.NoError(t, err) + assert.Equal(t, *testAffinityValue, *d2.Spec.Template.Spec.Affinity) +} + +func TestDeploymentTolerations(t *testing.T) { + // Test default + otelcol1 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + cfg := config.New() + params1 := manifests.Params{ + OtelCol: otelcol1, + Config: cfg, + Log: logger, + } + d1, err := Deployment(params1) + assert.NoError(t, err) + assert.Equal(t, "my-instance-targetallocator", d1.Name) + assert.Empty(t, d1.Spec.Template.Spec.Tolerations) + + // Test Tolerations + otelcol2 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance-toleration", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Tolerations: testTolerationValues, + }, + }, + } + + params2 := manifests.Params{ + OtelCol: otelcol2, + Config: cfg, + Log: logger, + } + d2, err := Deployment(params2) + assert.NoError(t, err) + assert.Equal(t, "my-instance-toleration-targetallocator", d2.Name) + assert.NotNil(t, d2.Spec.Template.Spec.Tolerations) + assert.NotEmpty(t, d2.Spec.Template.Spec.Tolerations) + assert.Equal(t, testTolerationValues, d2.Spec.Template.Spec.Tolerations) +} + +func TestDeploymentTopologySpreadConstraints(t *testing.T) { + // Test default + otelcol1 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + cfg := config.New() + + params1 := manifests.Params{ + OtelCol: otelcol1, + Config: cfg, + Log: logger, + } + d1, err := Deployment(params1) + assert.NoError(t, err) + assert.Equal(t, "my-instance-targetallocator", d1.Name) + assert.Empty(t, d1.Spec.Template.Spec.TopologySpreadConstraints) + + // Test TopologySpreadConstraints + otelcol2 := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance-topologyspreadconstraint", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + TopologySpreadConstraints: testTopologySpreadConstraintValue, + }, + }, + } + + cfg = config.New() + params2 := manifests.Params{ + OtelCol: otelcol2, + Config: cfg, + Log: logger, + } + + d2, err := Deployment(params2) + assert.NoError(t, err) + assert.Equal(t, "my-instance-topologyspreadconstraint-targetallocator", d2.Name) + assert.NotNil(t, d2.Spec.Template.Spec.TopologySpreadConstraints) + assert.NotEmpty(t, d2.Spec.Template.Spec.TopologySpreadConstraints) + assert.Equal(t, testTopologySpreadConstraintValue, d2.Spec.Template.Spec.TopologySpreadConstraints) +} diff --git a/internal/manifests/targetallocator/labels_test.go b/internal/manifests/targetallocator/labels_test.go new file mode 100644 index 000000000..7db287227 --- /dev/null +++ b/internal/manifests/targetallocator/labels_test.go @@ -0,0 +1,56 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "testing" + + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" +) + +const ( + name = "my-instance" + namespace = "my-ns" +) + +func TestLabelsCommonSet(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + } + + // test + labels := Labels(otelcol, name) + assert.Equal(t, "amazon-cloudwatch-agent-operator", labels["app.kubernetes.io/managed-by"]) + assert.Equal(t, "my-ns.my-instance", labels["app.kubernetes.io/instance"]) + assert.Equal(t, "amazon-cloudwatch-agent", labels["app.kubernetes.io/part-of"]) + assert.Equal(t, "amazon-cloudwatch-agent-targetallocator", labels["app.kubernetes.io/component"]) + assert.Equal(t, name, labels["app.kubernetes.io/name"]) +} + +func TestLabelsPropagateDown(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "myapp": "mycomponent", + "app.kubernetes.io/name": "test", + }, + }, + } + + // test + labels := Labels(otelcol, name) + + // verify + assert.Len(t, labels, 6) + assert.Equal(t, "mycomponent", labels["myapp"]) + assert.Equal(t, "test", labels["app.kubernetes.io/name"]) +} diff --git a/internal/manifests/targetallocator/service_test.go b/internal/manifests/targetallocator/service_test.go new file mode 100644 index 000000000..1391d64fc --- /dev/null +++ b/internal/manifests/targetallocator/service_test.go @@ -0,0 +1,34 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "testing" + + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" +) + +func TestServicePorts(t *testing.T) { + otelcol := collectorInstance() + cfg := config.New() + + params := manifests.Params{ + OtelCol: otelcol, + Config: cfg, + Log: logger, + } + + ports := []v1.ServicePort{{Name: "targetallocation", Port: 80, TargetPort: intstr.FromString("http")}} + + s := Service(params) + + assert.Equal(t, ports[0].Name, s.Spec.Ports[0].Name) + assert.Equal(t, ports[0].Port, s.Spec.Ports[0].Port) + assert.Equal(t, ports[0].TargetPort, s.Spec.Ports[0].TargetPort) +} diff --git a/internal/manifests/targetallocator/serviceaccount_test.go b/internal/manifests/targetallocator/serviceaccount_test.go new file mode 100644 index 000000000..622f6b5a8 --- /dev/null +++ b/internal/manifests/targetallocator/serviceaccount_test.go @@ -0,0 +1,48 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "testing" + + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" +) + +func TestServiceAccountNewDefault(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + } + + // test + sa := ServiceAccountName(otelcol) + + // verify + assert.Equal(t, "my-instance-collector", sa) +} + +func TestServiceAccountOverride(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-instance", + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + ServiceAccount: "my-special-sa", + }, + }, + } + + // test + sa := ServiceAccountName(otelcol) + + // verify + assert.Equal(t, "my-special-sa", sa) +} diff --git a/internal/manifests/targetallocator/testdata/test.yaml b/internal/manifests/targetallocator/testdata/test.yaml new file mode 100644 index 000000000..f03253f78 --- /dev/null +++ b/internal/manifests/targetallocator/testdata/test.yaml @@ -0,0 +1,22 @@ +processors: +receivers: + jaeger: + protocols: + grpc: + prometheus: + config: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s + static_configs: + - targets: [ '0.0.0.0:8888', '0.0.0.0:9999' ] + +exporters: + debug: + +service: + pipelines: + metrics: + receivers: [prometheus, jaeger] + processors: [] + exporters: [debug] diff --git a/internal/manifests/targetallocator/volume_test.go b/internal/manifests/targetallocator/volume_test.go new file mode 100644 index 000000000..9e60c7a9f --- /dev/null +++ b/internal/manifests/targetallocator/volume_test.go @@ -0,0 +1,32 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package targetallocator + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" +) + +func TestVolumeNewDefault(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{} + cfg := config.New() + + // test + volumes := Volumes(cfg, otelcol) + + // verify + assert.Len(t, volumes, 1) + + // check if the number of elements in the volume source items list is 1 + assert.Len(t, volumes[0].VolumeSource.ConfigMap.Items, 1) + + // check that it's the ta-internal volume, with the config map + assert.Equal(t, naming.TAConfigMapVolume(), volumes[0].Name) +} diff --git a/internal/version/main.go b/internal/version/main.go index 0c7807e5b..7f13bc338 100644 --- a/internal/version/main.go +++ b/internal/version/main.go @@ -22,6 +22,7 @@ var ( autoInstrumentationGo string dcgmExporter string neuronMonitor string + targetAllocator string ) // Version holds this Operator's version as well as the version of some of the components it uses. @@ -39,6 +40,7 @@ type Version struct { AutoInstrumentationNginx string `json:"auto-instrumentation-nginx"` DcgmExporter string `json:"dcgm-exporter-version"` NeuronMonitor string `json:"neuron-monitor-version"` + TargetAllocator string `json:"target-allocator-version"` } // Get returns the Version object with the relevant information. @@ -57,12 +59,13 @@ func Get() Version { AutoInstrumentationNginx: AutoInstrumentationNginx(), DcgmExporter: DcgmExporter(), NeuronMonitor: NeuronMonitor(), + TargetAllocator: TargetAllocator(), } } func (v Version) String() string { return fmt.Sprintf( - "Version(Operator='%v', BuildDate='%v', AmazonCloudWatchAgent='%v', Go='%v', AutoInstrumentationJava='%v', AutoInstrumentationNodeJS='%v', AutoInstrumentationPython='%v', AutoInstrumentationDotNet='%v', AutoInstrumentationGo='%v', AutoInstrumentationApacheHttpd='%v', AutoInstrumentationNginx='%v', DcgmExporter='%v', , NeuronMonitor='%v')", + "Version(Operator='%v', BuildDate='%v', AmazonCloudWatchAgent='%v', Go='%v', AutoInstrumentationJava='%v', AutoInstrumentationNodeJS='%v', AutoInstrumentationPython='%v', AutoInstrumentationDotNet='%v', AutoInstrumentationGo='%v', AutoInstrumentationApacheHttpd='%v', AutoInstrumentationNginx='%v', DcgmExporter='%v', , NeuronMonitor='%v', TargetAllocator='%v')", v.Operator, v.BuildDate, v.AmazonCloudWatchAgent, @@ -76,6 +79,7 @@ func (v Version) String() string { v.AutoInstrumentationNginx, v.DcgmExporter, v.NeuronMonitor, + v.TargetAllocator, ) } @@ -154,3 +158,14 @@ func NeuronMonitor() string { } return "0.0.0" } + +// TargetAllocator returns the default TargetAllocator to use when no versions are specified via CLI or configuration. +func TargetAllocator() string { + if len(targetAllocator) > 0 { + // this should always be set, as it's specified during the build + return targetAllocator + } + + // fallback value, useful for tests + return "0.0.0" +} diff --git a/internal/version/main_test.go b/internal/version/main_test.go index 9229c208c..ab0cfba3e 100644 --- a/internal/version/main_test.go +++ b/internal/version/main_test.go @@ -24,6 +24,21 @@ func TestVersionFromBuild(t *testing.T) { assert.Contains(t, Get().String(), otelCol) } +func TestTargetAllocatorFallbackVersion(t *testing.T) { + assert.Equal(t, "0.0.0", TargetAllocator()) +} + +func TestTargetAllocatorVersionFromBuild(t *testing.T) { + // prepare + targetAllocator = "0.0.2" // set during the build + defer func() { + targetAllocator = "" + }() + + assert.Equal(t, targetAllocator, TargetAllocator()) + assert.Contains(t, Get().String(), targetAllocator) +} + func TestAutoInstrumentationJavaFallbackVersion(t *testing.T) { assert.Equal(t, "0.0.0", AutoInstrumentationJava()) } diff --git a/main.go b/main.go index cf607e7bd..dc4d9b315 100644 --- a/main.go +++ b/main.go @@ -51,6 +51,7 @@ const ( autoInstrumentationDotNetImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet" dcgmExporterImageRepository = "nvcr.io/nvidia/k8s/dcgm-exporter" neuronMonitorImageRepository = "public.ecr.aws/neuron" + targetAllocatorImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/target-allocator" ) var ( @@ -124,6 +125,7 @@ func main() { tlsOpt tlsConfig dcgmExporterImage string neuronMonitorImage string + targetAllocatorImage string ) pflag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") @@ -137,6 +139,7 @@ func main() { pflag.StringVar(&autoInstrumentationConfigStr, "auto-instrumentation-config", "", "The configuration for auto-instrumentation.") stringFlagOrEnv(&dcgmExporterImage, "dcgm-exporter-image", "RELATED_IMAGE_DCGM_EXPORTER", fmt.Sprintf("%s:%s", dcgmExporterImageRepository, v.DcgmExporter), "The default DCGM Exporter image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&neuronMonitorImage, "neuron-monitor-image", "RELATED_IMAGE_NEURON_MONITOR", fmt.Sprintf("%s:%s", neuronMonitorImageRepository, v.NeuronMonitor), "The default Neuron monitor image. This image is used when no image is specified in the CustomResource.") + stringFlagOrEnv(&targetAllocatorImage, "target-allocator-image", "RELATED_IMAGE_TARGET_ALLOCATOR", fmt.Sprintf("%s:%s", targetAllocatorImageRepository, v.TargetAllocator), "The default OpenTelemetry target allocator image. This image is used when no image is specified in the CustomResource.") pflag.Parse() // set instrumentation cpu and memory limits in environment variables to be used for default instrumentation; default values received from https://github.com/open-telemetry/opentelemetry-operator/blob/main/apis/v1alpha1/instrumentation_webhook.go @@ -171,6 +174,7 @@ func main() { "auto-instrumentation-dotnet", autoInstrumentationDotNet, "dcgm-exporter", dcgmExporterImage, "neuron-monitor", neuronMonitorImage, + "amazon-cloudwatch-agent-targetallocator", targetAllocatorImage, "build-date", v.BuildDate, "go-version", v.Go, "go-arch", runtime.GOARCH, @@ -186,6 +190,7 @@ func main() { config.WithAutoInstrumentationDotNetImage(autoInstrumentationDotNet), config.WithDcgmExporterImage(dcgmExporterImage), config.WithNeuronMonitorImage(neuronMonitorImage), + config.WithTargetAllocatorImage(targetAllocatorImage), ) watchNamespace, found := os.LookupEnv("WATCH_NAMESPACE") diff --git a/versions.txt b/versions.txt index 89f400f1e..890ad434c 100644 --- a/versions.txt +++ b/versions.txt @@ -4,6 +4,9 @@ cloudwatch-agent=1.300041.0b681 # Represents the current release of the CloudWatch Agent Operator. operator=1.4.1 +# Represents the current release of the Target Allocator. +targetallocator=1.0.0 + # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 From ca26265b440848bbc6bb0034f78b17f0a62d1979 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 01:53:22 -0400 Subject: [PATCH 03/99] Fixed tests. --- apis/v1alpha1/zz_generated.deepcopy.go | 96 +++++++++ .../manifests/collector/config_replace.go | 63 ------ .../collector/config_replace_test.go | 192 ------------------ .../targetallocator/configmap_test.go | 6 +- .../targetallocator/serviceaccount_test.go | 2 +- 5 files changed, 100 insertions(+), 259 deletions(-) delete mode 100644 internal/manifests/collector/config_replace_test.go diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index f11b337ae..c43116dd8 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -10,6 +10,7 @@ import ( v2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" ) @@ -133,6 +134,7 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec (*out)[key] = val } } + in.TargetAllocator.DeepCopyInto(&out.TargetAllocator) if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]corev1.VolumeMount, len(*in)) @@ -264,6 +266,100 @@ func (in *AmazonCloudWatchAgentStatus) DeepCopy() *AmazonCloudWatchAgentStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AmazonCloudWatchAgentTargetAllocator) DeepCopyInto(out *AmazonCloudWatchAgentTargetAllocator) { + *out = *in + if in.Replicas != nil { + in, out := &in.Replicas, &out.Replicas + *out = new(int32) + **out = **in + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + in.Resources.DeepCopyInto(&out.Resources) + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(corev1.Affinity) + (*in).DeepCopyInto(*out) + } + in.PrometheusCR.DeepCopyInto(&out.PrometheusCR) + if in.SecurityContext != nil { + in, out := &in.SecurityContext, &out.SecurityContext + *out = new(corev1.PodSecurityContext) + (*in).DeepCopyInto(*out) + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]corev1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AmazonCloudWatchAgentTargetAllocator. +func (in *AmazonCloudWatchAgentTargetAllocator) DeepCopy() *AmazonCloudWatchAgentTargetAllocator { + if in == nil { + return nil + } + out := new(AmazonCloudWatchAgentTargetAllocator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AmazonCloudWatchAgentTargetAllocatorPrometheusCR) DeepCopyInto(out *AmazonCloudWatchAgentTargetAllocatorPrometheusCR) { + *out = *in + if in.ScrapeInterval != nil { + in, out := &in.ScrapeInterval, &out.ScrapeInterval + *out = new(metav1.Duration) + **out = **in + } + if in.PodMonitorSelector != nil { + in, out := &in.PodMonitorSelector, &out.PodMonitorSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.ServiceMonitorSelector != nil { + in, out := &in.ServiceMonitorSelector, &out.ServiceMonitorSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AmazonCloudWatchAgentTargetAllocatorPrometheusCR. +func (in *AmazonCloudWatchAgentTargetAllocatorPrometheusCR) DeepCopy() *AmazonCloudWatchAgentTargetAllocatorPrometheusCR { + if in == nil { + return nil + } + out := new(AmazonCloudWatchAgentTargetAllocatorPrometheusCR) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApacheHttpd) DeepCopyInto(out *ApacheHttpd) { *out = *in diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index f3e8f4362..e11d2e170 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,11 +5,6 @@ package collector import ( "encoding/json" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" - promconfig "github.com/prometheus/prometheus/config" - "time" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. @@ -17,70 +12,12 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) -type targetAllocator struct { - Endpoint string `yaml:"endpoint"` - Interval time.Duration `yaml:"interval"` - CollectorID string `yaml:"collector_id"` - // HTTPSDConfig is a preference that can be set for the collector's target allocator, but the operator doesn't - // care about what the value is set to. We just need this for validation when unmarshalling the configmap. - HTTPSDConfig interface{} `yaml:"http_sd_config,omitempty"` -} - -type Config struct { - PromConfig *promconfig.Config `yaml:"config"` - TargetAllocConfig *targetAllocator `yaml:"target_allocator,omitempty"` -} - func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { - // Check if TargetAllocator is enabled, if not, return the original config - if !instance.Spec.TargetAllocator.Enabled { - return instance.Spec.Config, nil - } - config, err := adapters.ConfigFromJSONString(instance.Spec.Config) if err != nil { return "", err } - promCfgMap, getCfgPromErr := ta.ConfigToPromConfig(instance.Spec.Config) - if getCfgPromErr != nil { - return "", getCfgPromErr - } - - validateCfgPromErr := ta.ValidatePromConfig(promCfgMap, instance.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) - if validateCfgPromErr != nil { - return "", validateCfgPromErr - } - - if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) - if getCfgPromErr != nil { - return "", getCfgPromErr - } - - // type coercion checks are handled in the AddTAConfigToPromConfig method above - config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap - - out, updCfgMarshalErr := json.Marshal(config) - if updCfgMarshalErr != nil { - return "", updCfgMarshalErr - } - - return string(out), nil - } - - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) - if err != nil { - return "", err - } - - // type coercion checks are handled in the ConfigToPromConfig method above - config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap - out, err := json.Marshal(config) if err != nil { return "", err diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go deleted file mode 100644 index 7adad992e..000000000 --- a/internal/manifests/collector/config_replace_test.go +++ /dev/null @@ -1,192 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package collector - -import ( - "os" - "testing" - - "github.com/prometheus/prometheus/discovery/http" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - colfeaturegate "go.opentelemetry.io/collector/featuregate" - "gopkg.in/yaml.v2" - - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" -) - -func TestPrometheusParser(t *testing.T) { - param, err := newParams("test/test-img", "testdata/http_sd_config_test.yaml") - assert.NoError(t, err) - - t.Run("should update config with http_sd_config", func(t *testing.T) { - err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) - require.NoError(t, err) - t.Cleanup(func() { - _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) - }) - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - // prepare - var cfg Config - promCfgMap, err := ta.ConfigToPromConfig(actualConfig) - assert.NoError(t, err) - - promCfg, err := yaml.Marshal(promCfgMap) - assert.NoError(t, err) - - err = yaml.UnmarshalStrict(promCfg, &cfg) - assert.NoError(t, err) - - // test - expectedMap := map[string]bool{ - "prometheus": false, - "service-x": false, - } - for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { - assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 1) - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "http") - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-targetallocator:80/jobs/"+scrapeConfig.JobName+"/targets?collector_id=$POD_NAME") - expectedMap[scrapeConfig.JobName] = true - } - for k := range expectedMap { - assert.True(t, expectedMap[k], k) - } - assert.True(t, cfg.TargetAllocConfig == nil) - }) - - t.Run("should update config with targetAllocator block if block not present", func(t *testing.T) { - // Set up the test scenario - param.OtelCol.Spec.TargetAllocator.Enabled = true - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - // Verify the expected changes in the config - promCfgMap, err := ta.ConfigToPromConfig(actualConfig) - assert.NoError(t, err) - - prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) - - assert.NotContains(t, prometheusConfig, "scrape_configs") - - expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-targetallocator:80", - "interval": "30s", - "collector_id": "${POD_NAME}", - } - assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) - assert.NoError(t, err) - }) - - t.Run("should update config with targetAllocator block if block already present", func(t *testing.T) { - // Set up the test scenario - paramTa, err := newParams("test/test-img", "testdata/http_sd_config_ta_test.yaml") - require.NoError(t, err) - paramTa.OtelCol.Spec.TargetAllocator.Enabled = true - - actualConfig, err := ReplaceConfig(paramTa.OtelCol) - assert.NoError(t, err) - - // Verify the expected changes in the config - promCfgMap, err := ta.ConfigToPromConfig(actualConfig) - assert.NoError(t, err) - - prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) - - assert.NotContains(t, prometheusConfig, "scrape_configs") - - expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-targetallocator:80", - "interval": "30s", - "collector_id": "${POD_NAME}", - } - assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) - assert.NoError(t, err) - }) - - t.Run("should not update config with http_sd_config", func(t *testing.T) { - param.OtelCol.Spec.TargetAllocator.Enabled = false - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - // prepare - var cfg Config - promCfgMap, err := ta.ConfigToPromConfig(actualConfig) - assert.NoError(t, err) - - promCfg, err := yaml.Marshal(promCfgMap) - assert.NoError(t, err) - - err = yaml.UnmarshalStrict(promCfg, &cfg) - assert.NoError(t, err) - - // test - expectedMap := map[string]bool{ - "prometheus": false, - "service-x": false, - } - for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { - assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 2) - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "file") - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[1].Name(), "static") - expectedMap[scrapeConfig.JobName] = true - } - for k := range expectedMap { - assert.True(t, expectedMap[k], k) - } - assert.True(t, cfg.TargetAllocConfig == nil) - }) - -} - -func TestReplaceConfig(t *testing.T) { - param, err := newParams("test/test-img", "testdata/relabel_config_original.yaml") - assert.NoError(t, err) - - t.Run("should not modify config when TargetAllocator is disabled", func(t *testing.T) { - param.OtelCol.Spec.TargetAllocator.Enabled = false - expectedConfigBytes, err := os.ReadFile("testdata/relabel_config_original.yaml") - assert.NoError(t, err) - expectedConfig := string(expectedConfigBytes) - - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - assert.Equal(t, expectedConfig, actualConfig) - }) - - t.Run("should rewrite scrape configs with SD config when TargetAllocator is enabled and feature flag is not set", func(t *testing.T) { - err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) - require.NoError(t, err) - t.Cleanup(func() { - _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) - }) - - param.OtelCol.Spec.TargetAllocator.Enabled = true - - expectedConfigBytes, err := os.ReadFile("testdata/relabel_config_expected_with_sd_config.yaml") - assert.NoError(t, err) - expectedConfig := string(expectedConfigBytes) - - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - assert.Equal(t, expectedConfig, actualConfig) - }) - - t.Run("should remove scrape configs if TargetAllocator is enabled and feature flag is set", func(t *testing.T) { - param.OtelCol.Spec.TargetAllocator.Enabled = true - - expectedConfigBytes, err := os.ReadFile("testdata/config_expected_targetallocator.yaml") - assert.NoError(t, err) - expectedConfig := string(expectedConfigBytes) - - actualConfig, err := ReplaceConfig(param.OtelCol) - assert.NoError(t, err) - - assert.Equal(t, expectedConfig, actualConfig) - }) -} diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 829e2efe8..83d962436 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -38,7 +38,7 @@ config: - 0.0.0.0:8888 - 0.0.0.0:9999 label_selector: - app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/component: amazon-cloudwatch-agent app.kubernetes.io/instance: default.my-instance app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator app.kubernetes.io/part-of: amazon-cloudwatch-agent @@ -74,7 +74,7 @@ config: - 0.0.0.0:8888 - 0.0.0.0:9999 label_selector: - app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/component: amazon-cloudwatch-agent app.kubernetes.io/instance: default.my-instance app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator app.kubernetes.io/part-of: amazon-cloudwatch-agent @@ -120,7 +120,7 @@ config: - 0.0.0.0:8888 - 0.0.0.0:9999 label_selector: - app.kubernetes.io/component: amazon-cloudwatch-agent-collector + app.kubernetes.io/component: amazon-cloudwatch-agent app.kubernetes.io/instance: default.my-instance app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator app.kubernetes.io/part-of: amazon-cloudwatch-agent diff --git a/internal/manifests/targetallocator/serviceaccount_test.go b/internal/manifests/targetallocator/serviceaccount_test.go index 622f6b5a8..0f350d4b2 100644 --- a/internal/manifests/targetallocator/serviceaccount_test.go +++ b/internal/manifests/targetallocator/serviceaccount_test.go @@ -24,7 +24,7 @@ func TestServiceAccountNewDefault(t *testing.T) { sa := ServiceAccountName(otelcol) // verify - assert.Equal(t, "my-instance-collector", sa) + assert.Equal(t, "my-instance", sa) } func TestServiceAccountOverride(t *testing.T) { From 3a871af34acd4a237d34d943cdc7732ca1b73d44 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 03:17:29 -0400 Subject: [PATCH 04/99] Update crds. --- ...aws.amazon.com_amazoncloudwatchagents.yaml | 1218 +++++++++++++++++ 1 file changed, 1218 insertions(+) diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index bb5b8cc97..cfe6a3303 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -5028,6 +5028,1224 @@ spec: account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector. type: string + targetAllocator: + description: TargetAllocator indicates a value which determines whether + to spawn a target allocation resource or not. + properties: + affinity: + description: If specified, indicates the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose ' + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-locate + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose ' + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector in + the specified namespaces, where co-located + is defined as running on a node whose ' + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-locate + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. + items: + type: string + type: array + topologyKey: + description: 'This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose ' + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + allocationStrategy: + description: AllocationStrategy determines which strategy the + target allocator should use for allocation. The current options + are least-weighted and consistent-hashing. The default option + is least-weighted + enum: + - least-weighted + - consistent-hashing + type: string + enabled: + description: Enabled indicates whether to use a target allocation + mechanism for Prometheus targets or not. + type: boolean + env: + description: ENV vars to set on the OpenTelemetry TargetAllocator's + Pods. These can then in certain cases be consumed in the config + file for the TargetAllocator. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + filterStrategy: + description: FilterStrategy determines how to filter targets before + allocating them among the collectors. The only current option + is relabel-config (drops targets based on prom relabel_config). + type: string + image: + description: Image indicates the container image to use for the + OpenTelemetry TargetAllocator. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to schedule OpenTelemetry TargetAllocator + pods. + type: object + prometheusCR: + description: PrometheusCR defines the configuration for the retrieval + of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 + and podmonitor.monitoring.coreos.com/v1 ) retrieval. + properties: + enabled: + description: Enabled indicates whether to use a PrometheusOperator + custom resources as targets or not. + type: boolean + podMonitorSelector: + additionalProperties: + type: string + description: PodMonitors to be selected for target discovery. + This is a map of {key,value} pairs. Each {key,value} in + the map is going to exactly match a label in a PodMonitor's + meta labels. + type: object + scrapeInterval: + default: 30s + description: "Interval between consecutive scrapes. Equivalent + to the same setting on the Prometheus CRD. \n Default: \"30s\"" + format: duration + type: string + serviceMonitorSelector: + additionalProperties: + type: string + description: ServiceMonitors to be selected for target discovery. + This is a map of {key,value} pairs. Each {key,value} in + the map is going to exactly match a label in a ServiceMonitor's + meta labels. + type: object + type: object + replicas: + description: Replicas is the number of pod instances for the underlying + TargetAllocator. This should only be set to a value other than + 1 if a strategy that allows for high availability is chosen. + format: int32 + type: integer + resources: + description: Resources to set on the OpenTelemetryTargetAllocator + containers. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes the minimum amount of compute + resources required. + type: object + type: object + securityContext: + description: SecurityContext configures the container security + context for the targetallocator. + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1." + format: int64 + type: integer + fsGroupChangePolicy: + description: fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for th + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. + type: string + type: object + type: object + serviceAccount: + description: ServiceAccount indicates the name of an existing + service account to use with this instance. When set, the operator + will not automatically create a ServiceAccount for the TargetAllocator. + type: string + tolerations: + description: Toleration embedded kubernetes pod configuration + option, controls how pods can be scheduled with matching taints + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints embedded kubernetes pod + configuration option, controls how pods are spread across your + cluster among failure-domains such as regions, zones, nodes, + and other user-defined top + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: MaxSkew describes the degree to which pods + may be unevenly distributed. + format: int32 + type: integer + minDomains: + description: MinDomains indicates a minimum number of eligible + domains. + format: int32 + type: integer + nodeAffinityPolicy: + description: NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. + type: string + nodeTaintsPolicy: + description: NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. + type: string + whenUnsatisfiable: + description: WhenUnsatisfiable indicates how to deal with + a pod if it doesn't satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object terminationGracePeriodSeconds: description: Duration in seconds the pod needs to terminate gracefully upon probe failure. From 075562259c2e4a1896c2a95dd5e95e4c2acd129e Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 03:48:25 -0400 Subject: [PATCH 05/99] Updated docs. --- docs/api.md | 2272 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2272 insertions(+) diff --git a/docs/api.md b/docs/api.md index 0402e3a10..5fa8eafb9 100644 --- a/docs/api.md +++ b/docs/api.md @@ -315,6 +315,13 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
false + + targetAllocator + object + + TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not.
+ + false terminationGracePeriodSeconds integer @@ -8949,6 +8956,2271 @@ The Windows specific settings applied to all containers. If unspecified, the opt +### AmazonCloudWatchAgent.spec.targetAllocator +[↩ Parent](#amazoncloudwatchagentspec) + + + +TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
affinityobject + If specified, indicates the pod's scheduling constraints
+ 		false
allocationStrategyenum + AllocationStrategy determines which strategy the target allocator should use for allocation. The current options are least-weighted and consistent-hashing. The default option is least-weighted
+
+ Enum: least-weighted, consistent-hashing
+ 		false
enabledboolean + Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not.
+ 		false
env[]object + ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be consumed in the config file for the TargetAllocator.
+ 		false
filterStrategystring + FilterStrategy determines how to filter targets before allocating them among the collectors. The only current option is relabel-config (drops targets based on prom relabel_config).
+ 		false
imagestring + Image indicates the container image to use for the OpenTelemetry TargetAllocator.
+ 		false
nodeSelectormap[string]string + NodeSelector to schedule OpenTelemetry TargetAllocator pods.
+ 		false
prometheusCRobject + PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval.
+ 		false
replicasinteger + Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value other than 1 if a strategy that allows for high availability is chosen.
+
+ Format: int32
+ 		false
resourcesobject + Resources to set on the OpenTelemetryTargetAllocator containers.
+ 		false
securityContextobject + SecurityContext configures the container security context for the targetallocator.
+ 		false
serviceAccountstring + ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the TargetAllocator.
+ 		false
tolerations[]object + Toleration embedded kubernetes pod configuration option, controls how pods can be scheduled with matching taints
+ 		false
topologySpreadConstraints[]object + TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined top
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +If specified, indicates the pod's scheduling constraints + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
nodeAffinityobject + Describes node affinity scheduling rules for the pod.
+ 		false
podAffinityobject + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ 		false
podAntiAffinityobject + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes node affinity scheduling rules for the pod. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+ 		false
requiredDuringSchedulingIgnoredDuringExecutionobject + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) + + + +An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferenceobject + A node selector term, associated with the corresponding weight.
+ 		true
weightinteger + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +A node selector term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + A list of node selector requirements by node's labels.
+ 		false
matchFields[]object + A list of node selector requirements by node's fields.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) + + + +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) + + + +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) + + + +If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
nodeSelectorTerms[]object + Required. A list of node selector terms. The terms are ORed.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecution) + + + +A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + A list of node selector requirements by node's labels.
+ 		false
matchFields[]object + A list of node selector requirements by node's fields.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-locate + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-locate + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+ 		true
valuestring + Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables.
+ 		false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+ 		false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.
+ 		false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.
+ 		false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.configMapKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+ 		true
namestring + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.fieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+ 		true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.resourceFieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+ 		true
containerNamestring + Container name: required for volumes, optional for env vars
+ 		false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.secretKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+ 		true
namestring + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the Secret or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.prometheusCR +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether to use a PrometheusOperator custom resources as targets or not.
+ 		false
podMonitorSelectormap[string]string + PodMonitors to be selected for target discovery. This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a PodMonitor's meta labels.
+ 		false
scrapeIntervalstring + Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + Default: "30s"
+
+ Format: duration
+ Default: 30s
+ 		false
serviceMonitorSelectormap[string]string + ServiceMonitors to be selected for target discovery. This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a ServiceMonitor's meta labels.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +Resources to set on the OpenTelemetryTargetAllocator containers. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+ 		false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ 		false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources.claims[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +SecurityContext configures the container security context for the targetallocator. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsGroupinteger + A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: + 1.
+
+ Format: int64
+ 		false
fsGroupChangePolicystring + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod.
+ 		false
runAsGroupinteger + The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.
+
+ Format: int64
+ 		false
runAsNonRootboolean + Indicates that the container must run as a non-root user.
+ 		false
runAsUserinteger + The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.
+
+ Format: int64
+ 		false
seLinuxOptionsobject + The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext.
+ 		false
seccompProfileobject + The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ 		false
supplementalGroups[]integer + A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for th
+ 		false
sysctls[]object + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.
+ 		false
windowsOptionsobject + The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
levelstring + Level is SELinux level label that applies to the container.
+ 		false
rolestring + Role is a SELinux role label that applies to the container.
+ 		false
typestring + Type is a SELinux type label that applies to the container.
+ 		false
userstring + User is a SELinux user label that applies to the container.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seccompProfile +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used.
+ 		true
localhostProfilestring + localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.sysctls[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +Sysctl defines a kernel parameter to be set + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of a property to set
+ 		true
valuestring + Value of a property to set
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.windowsOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gmsaCredentialSpecstring + GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ 		false
gmsaCredentialSpecNamestring + GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ 		false
hostProcessboolean + HostProcess determines if a container should be run as a 'Host Process' container.
+ 		false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.tolerations[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed.
+
+ Format: int32
+ 		true
topologyKeystring + TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology.
+ 		true
whenUnsatisfiablestring + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it.
+ 		true
labelSelectorobject + LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated.
+ 		false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains.
+
+ Format: int32
+ 		false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew.
+ 		false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindex) + + + +LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
+ 		false
+ + ### AmazonCloudWatchAgent.spec.tolerations[index] [↩ Parent](#amazoncloudwatchagentspec) From a77533f8bdbdb7941a7b38c30c69c36ca472affd Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 14:24:48 -0400 Subject: [PATCH 06/99] Reversed crd changes. --- ...aws.amazon.com_amazoncloudwatchagents.yaml | 1218 ----------------- 1 file changed, 1218 deletions(-) diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index cfe6a3303..bb5b8cc97 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -5028,1224 +5028,6 @@ spec: account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector. type: string - targetAllocator: - description: TargetAllocator indicates a value which determines whether - to spawn a target allocation resource or not. - properties: - affinity: - description: If specified, indicates the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. - items: - type: string - type: array - topologyKey: - description: 'This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector in - the specified namespaces, where co-located - is defined as running on a node whose ' - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-locate - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. - items: - type: string - type: array - topologyKey: - description: 'This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose ' - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. - items: - type: string - type: array - topologyKey: - description: 'This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector in - the specified namespaces, where co-located - is defined as running on a node whose ' - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-locate - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. - items: - type: string - type: array - topologyKey: - description: 'This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose ' - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - allocationStrategy: - description: AllocationStrategy determines which strategy the - target allocator should use for allocation. The current options - are least-weighted and consistent-hashing. The default option - is least-weighted - enum: - - least-weighted - - consistent-hashing - type: string - enabled: - description: Enabled indicates whether to use a target allocation - mechanism for Prometheus targets or not. - type: boolean - env: - description: ENV vars to set on the OpenTelemetry TargetAllocator's - Pods. These can then in certain cases be consumed in the config - file for the TargetAllocator. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - filterStrategy: - description: FilterStrategy determines how to filter targets before - allocating them among the collectors. The only current option - is relabel-config (drops targets based on prom relabel_config). - type: string - image: - description: Image indicates the container image to use for the - OpenTelemetry TargetAllocator. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector to schedule OpenTelemetry TargetAllocator - pods. - type: object - prometheusCR: - description: PrometheusCR defines the configuration for the retrieval - of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 - and podmonitor.monitoring.coreos.com/v1 ) retrieval. - properties: - enabled: - description: Enabled indicates whether to use a PrometheusOperator - custom resources as targets or not. - type: boolean - podMonitorSelector: - additionalProperties: - type: string - description: PodMonitors to be selected for target discovery. - This is a map of {key,value} pairs. Each {key,value} in - the map is going to exactly match a label in a PodMonitor's - meta labels. - type: object - scrapeInterval: - default: 30s - description: "Interval between consecutive scrapes. Equivalent - to the same setting on the Prometheus CRD. \n Default: \"30s\"" - format: duration - type: string - serviceMonitorSelector: - additionalProperties: - type: string - description: ServiceMonitors to be selected for target discovery. - This is a map of {key,value} pairs. Each {key,value} in - the map is going to exactly match a label in a ServiceMonitor's - meta labels. - type: object - type: object - replicas: - description: Replicas is the number of pod instances for the underlying - TargetAllocator. This should only be set to a value other than - 1 if a strategy that allows for high availability is chosen. - format: int32 - type: integer - resources: - description: Resources to set on the OpenTelemetryTargetAllocator - containers. - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Requests describes the minimum amount of compute - resources required. - type: object - type: object - securityContext: - description: SecurityContext configures the container security - context for the targetallocator. - properties: - fsGroup: - description: "A special supplemental group that applies to - all containers in a pod. Some volume types allow the Kubelet - to change the ownership of that volume to be owned by the - pod: \n 1." - format: int64 - type: integer - fsGroupChangePolicy: - description: fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in SecurityContext. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must - be preconfigured on the node to work. - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's primary - GID, the fsGroup (if specified), and group memberships defined - in the container image for th - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. Note that this field cannot - be set when spec.os. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options within a container's - SecurityContext will be used. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. - type: string - type: object - type: object - serviceAccount: - description: ServiceAccount indicates the name of an existing - service account to use with this instance. When set, the operator - will not automatically create a ServiceAccount for the TargetAllocator. - type: string - tolerations: - description: Toleration embedded kubernetes pod configuration - option, controls how pods can be scheduled with matching taints - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints embedded kubernetes pod - configuration option, controls how pods are spread across your - cluster among failure-domains such as regions, zones, nodes, - and other user-defined top - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select the pods over which spreading will be calculated. - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: MaxSkew describes the degree to which pods - may be unevenly distributed. - format: int32 - type: integer - minDomains: - description: MinDomains indicates a minimum number of eligible - domains. - format: int32 - type: integer - nodeAffinityPolicy: - description: NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. - type: string - nodeTaintsPolicy: - description: NodeTaintsPolicy indicates how we will treat - node taints when calculating pod topology spread skew. - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. - type: string - whenUnsatisfiable: - description: WhenUnsatisfiable indicates how to deal with - a pod if it doesn't satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - type: object terminationGracePeriodSeconds: description: Duration in seconds the pod needs to terminate gracefully upon probe failure. From 1d8a923171bc2b90372b82db899d85f6ca1376d0 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 14:35:08 -0400 Subject: [PATCH 07/99] Generated files. --- apis/v1alpha1/zz_generated.deepcopy.go | 4 +- apis/v1alpha2/zz_generated.deepcopy.go | 5 +- ...aws.amazon.com_amazoncloudwatchagents.yaml | 8288 ++++++++++------- ...oudwatch.aws.amazon.com_dcgmexporters.yaml | 2674 +++--- ...watch.aws.amazon.com_instrumentations.yaml | 915 +- ...udwatch.aws.amazon.com_neuronmonitors.yaml | 2875 +++--- docs/api.md | 2272 ----- 7 files changed, 8226 insertions(+), 8807 deletions(-) diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index c43116dd8..e5f418b27 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - v2 "k8s.io/api/autoscaling/v2" + "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/networking/v1" + "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 2833a1325..e840621e9 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,10 +7,9 @@ package v1alpha2 import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index bb5b8cc97..1fd4f5252 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: amazoncloudwatchagents.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -46,14 +46,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -61,51 +66,54 @@ spec: description: AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. properties: additionalContainers: - description: "AdditionalContainers allows injecting additional containers - into the Collector's pod definition. These sidecar containers can - be used for authentication proxies, log shipping sidecars, agents - for shipping metrics to their cloud, or in general sidecars that - do not support automatic injection. This option only applies to - Deployment, DaemonSet, and StatefulSet deployment modes of the collector. - It does not apply to the sidecar deployment mode. More info about - sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - \n Container names managed by the operator: * `otc-container` \n - Overriding containers managed by the operator is outside the scope - of what the maintainers will support and by doing so, you wil accept - the risk of it breaking things." + description: |- + AdditionalContainers allows injecting additional containers into the Collector's pod definition. + These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping + metrics to their cloud, or in general sidecars that do not support automatic injection. This option only + applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar + deployment mode. More info about sidecars: + https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + + + Container names managed by the operator: + * `otc-container` + + + Overriding containers managed by the operator is outside the scope of what the maintainers will support and by + doing so, you wil accept the risk of it breaking things. items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array env: - description: List of environment variables to set in the container. + description: |- + List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present @@ -116,16 +124,16 @@ spec: a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -138,10 +146,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or @@ -152,11 +160,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -171,11 +177,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -205,10 +209,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its @@ -224,13 +228,13 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -239,9 +243,10 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -257,9 +262,10 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -269,40 +275,42 @@ spec: type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -311,9 +319,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -323,9 +331,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -342,13 +350,15 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port @@ -366,10 +376,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, @@ -379,40 +389,37 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -421,9 +428,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -433,9 +440,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -452,13 +459,15 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port @@ -476,10 +485,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, @@ -489,9 +498,10 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -499,30 +509,30 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -534,10 +544,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -546,9 +558,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -558,9 +570,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -577,33 +589,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -618,78 +632,82 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. + description: |- + Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: @@ -701,30 +719,30 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -736,10 +754,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -748,9 +768,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -760,9 +780,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -779,33 +799,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -820,34 +842,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -858,12 +879,14 @@ spec: policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -872,22 +895,29 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -904,8 +934,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -914,52 +945,52 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -977,60 +1008,60 @@ spec: type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -1050,98 +1081,93 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -1153,10 +1179,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -1165,9 +1193,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -1177,9 +1205,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1196,33 +1224,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -1237,77 +1267,76 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. type: boolean volumeDevices: description: volumeDevices is the list of block devices to be @@ -1330,40 +1359,44 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. + description: |- + Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1371,9 +1404,11 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name @@ -1387,22 +1422,20 @@ spec: pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the @@ -1412,30 +1445,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1448,30 +1477,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1493,50 +1518,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1549,30 +1570,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -1594,16 +1611,15 @@ spec: this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -1614,37 +1630,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -1657,89 +1669,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -1752,40 +1749,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -1794,53 +1788,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1852,84 +1844,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1941,32 +1923,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -1980,16 +1958,15 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -2000,37 +1977,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2043,89 +2016,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2138,40 +2096,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -2180,53 +2135,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2238,84 +2191,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2327,32 +2270,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -2368,35 +2307,34 @@ spec: Collector binary type: object autoscaler: - description: Autoscaler specifies the pod autoscaling configuration - to use for the AmazonCloudWatchAgent workload. + description: |- + Autoscaler specifies the pod autoscaling configuration to use + for the AmazonCloudWatchAgent workload. properties: behavior: - description: HorizontalPodAutoscalerBehavior configures the scaling - behavior of the target in both Up and Down directions (scaleUp - and scaleDown fields respectively). + description: |- + HorizontalPodAutoscalerBehavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). properties: scaleDown: - description: scaleDown is scaling policy for scaling Down. - If not set, the default value is to allow to scale down - to minReplicas pods, with a 300 second stabilization window - (i.e., the highest recommendation for the last 300sec is - used). + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). properties: policies: - description: policies is a list of potential scaling polices - which can be used during scaling. At least one policy - must be specified, otherwise the HPAScalingRules will - be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less - than or equal to 1800 (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -2404,9 +2342,9 @@ spec: policy. type: string value: - description: value contains the amount of change - which is permitted by the policy. It must be greater - than zero + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero format: int32 type: integer required: @@ -2417,42 +2355,41 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which policy - should be used. If not set, the default value Max is - used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the number - of seconds for which past recommendations should be - considered while scaling up or scaling down. StabilizationWindowSeconds - must be greater than or equal to zero and less than - or equal to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization is - done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object scaleUp: - description: 'scaleUp is scaling policy for scaling Up. If - not set, the default value is the higher of: * increase - no more than 4 pods per 60 seconds * double the number of - pods per 60 seconds No stabilization is used.' + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. properties: policies: - description: policies is a list of potential scaling polices - which can be used during scaling. At least one policy - must be specified, otherwise the HPAScalingRules will - be discarded as invalid + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid items: description: HPAScalingPolicy is a single policy which must hold true for a specified past interval. properties: periodSeconds: - description: periodSeconds specifies the window - of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less - than or equal to 1800 (30 min). + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: @@ -2460,9 +2397,9 @@ spec: policy. type: string value: - description: value contains the amount of change - which is permitted by the policy. It must be greater - than zero + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero format: int32 type: integer required: @@ -2473,19 +2410,18 @@ spec: type: array x-kubernetes-list-type: atomic selectPolicy: - description: selectPolicy is used to specify which policy - should be used. If not set, the default value Max is - used. + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. type: string stabilizationWindowSeconds: - description: 'stabilizationWindowSeconds is the number - of seconds for which past recommendations should be - considered while scaling up or scaling down. StabilizationWindowSeconds - must be greater than or equal to zero and less than - or equal to 3600 (one hour). If not set, use the default - values: - For scale up: 0 (i.e. no stabilization is - done). - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). format: int32 type: integer type: object @@ -2496,22 +2432,22 @@ spec: format: int32 type: integer metrics: - description: Metrics is meant to provide a customizable way to - configure HPA metrics. currently the only supported custom metrics - is type=Pod. Use TargetCPUUtilization or TargetMemoryUtilization - instead if scaling on these common resource metrics. + description: |- + Metrics is meant to provide a customizable way to configure HPA metrics. + currently the only supported custom metrics is type=Pod. + Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics. items: - description: MetricSpec defines a subset of metrics to be defined - for the HPA's metric array more metric type can be supported - as needed. See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec - for reference. + description: |- + MetricSpec defines a subset of metrics to be defined for the HPA's metric array + more metric type can be supported as needed. + See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference. properties: pods: - description: PodsMetricSource indicates how to scale on - a metric describing each pod in the current scale target - (for example, transactions-processed-per-second). The - values will be averaged together before being compared - to the target value. + description: |- + PodsMetricSource indicates how to scale on a metric describing each pod in + the current scale target (for example, transactions-processed-per-second). + The values will be averaged together before being compared to the target + value. properties: metric: description: metric identifies the target metric by @@ -2521,40 +2457,34 @@ spec: description: name is the name of the given metric type: string selector: - description: selector is the string-encoded form - of a standard kubernetes label selector for the - given metric When set, it is passed as an additional - parameter to the metrics server for more specific - metrics scoping. When unset, just the metricName - will be used to gather metrics. + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2567,12 +2497,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -2584,21 +2512,20 @@ spec: given metric properties: averageUtilization: - description: averageUtilization is the target value - of the average of the resource metric across all - relevant pods, represented as a percentage of + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. - Currently only valid for Resource metric source - type + Currently only valid for Resource metric source type format: int32 type: integer averageValue: anyOf: - type: integer - type: string - description: averageValue is the target value of - the average of the metric across all relevant - pods (as a quantity) + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: @@ -2634,9 +2561,9 @@ spec: format: int32 type: integer targetCPUUtilization: - description: TargetCPUUtilization sets the target average CPU - used across all replicas. If average CPU exceeds this value, - the HPA will scale up. Defaults to 90 percent. + description: |- + TargetCPUUtilization sets the target average CPU used across all replicas. + If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent. format: int32 type: integer targetMemoryUtilization: @@ -2651,10 +2578,10 @@ spec: for details. type: string configmaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the AmazonCloudWatchAgent object, which shall be mounted into - the Collector Pods. Each ConfigMap will be added to the Collector's - Deployments as a volume named `configmap-`. + description: |- + ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent + object, which shall be mounted into the Collector Pods. + Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`. items: properties: mountpath: @@ -2669,9 +2596,9 @@ spec: type: object type: array env: - description: ENV vars to set on the OpenTelemetry Collector's Pods. - These can then in certain cases be consumed in the config file for - the Collector. + description: |- + ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be + consumed in the config file for the Collector. items: description: EnvVar represents an environment variable present in a Container. @@ -2680,15 +2607,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot @@ -2701,8 +2629,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -2713,10 +2643,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is @@ -2731,10 +2660,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -2763,8 +2691,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -2780,9 +2710,9 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables on - the OpenTelemetry Collector's Pods. These can then in certain cases - be consumed in the config file for the Collector. + description: |- + List of sources to populate environment variables on the OpenTelemetry Collector's Pods. + These can then in certain cases be consumed in the config file for the Collector. items: description: EnvFromSource represents the source of a set of ConfigMaps properties: @@ -2790,8 +2720,10 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -2806,8 +2738,10 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -2829,27 +2763,31 @@ spec: for retrieving the container image (Always, Never, IfNotPresent) type: string ingress: - description: 'Ingress is used to specify how OpenTelemetry Collector - is exposed. This functionality is only available if one of the valid - modes is set. Valid modes are: deployment, daemonset and statefulset.' + description: |- + Ingress is used to specify how OpenTelemetry Collector is exposed. This + functionality is only available if one of the valid modes is set. + Valid modes are: deployment, daemonset and statefulset. properties: annotations: additionalProperties: type: string - description: 'Annotations to add to ingress. e.g. ''cert-manager.io/cluster-issuer: - "letsencrypt"''' + description: |- + Annotations to add to ingress. + e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"' type: object hostname: description: Hostname by which the ingress proxy can be reached. type: string ingressClassName: - description: IngressClassName is the name of an IngressClass cluster - resource. Ingress controller implementations use this field - to know whether they should be serving this Ingress resource. + description: |- + IngressClassName is the name of an IngressClass cluster resource. Ingress + controller implementations use this field to know whether they should be + serving this Ingress resource. type: string route: - description: Route is an OpenShift specific section that is only - considered when type "route" is used. + description: |- + Route is an OpenShift specific section that is only considered when + type "route" is used. properties: termination: description: Termination indicates termination type. By default @@ -2862,11 +2800,11 @@ spec: type: string type: object ruleType: - description: RuleType defines how Ingress exposes collector receivers. - IngressRuleTypePath ("path") exposes each receiver port on a - unique path on single domain defined in Hostname. IngressRuleTypeSubdomain - ("subdomain") exposes each receiver port on a unique subdomain - of Hostname. Default is IngressRuleTypePath ("path"). + description: |- + RuleType defines how Ingress exposes collector receivers. + IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. + IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. + Default is IngressRuleTypePath ("path"). enum: - path - subdomain @@ -2878,74 +2816,74 @@ spec: associated with an ingress. properties: hosts: - description: hosts is a list of hosts included in the TLS - certificate. The values in this list must match the name/s - used in the tlsSecret. Defaults to the wildcard host setting - for the loadbalancer controller fulfilling this Ingress, - if left unspecified. + description: |- + hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. items: type: string type: array x-kubernetes-list-type: atomic secretName: - description: secretName is the name of the secret used to - terminate TLS traffic on port 443. Field is left optional - to allow TLS routing based on SNI hostname alone. If the - SNI host in a listener conflicts with the "Host" header - field used by an IngressRule, the SNI host is used for - termination and value of the "Host" header is used for - routing. + description: |- + secretName is the name of the secret used to terminate TLS traffic on + port 443. Field is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts with the "Host" + header field used by an IngressRule, the SNI host is used for termination + and value of the "Host" header is used for routing. type: string type: object type: array type: - description: 'Type default value is: "" Supported types are: ingress, - route' + description: |- + Type default value is: "" + Supported types are: ingress, route enum: - ingress - route type: string type: object initContainers: - description: 'InitContainers allows injecting initContainers to the - Collector''s pod definition. These init containers can be used to - fetch secrets for injection into the configuration from external - sources, run added checks, etc. Any errors during the execution - of an initContainer will lead to a restart of the Pod. More info: - https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + description: |- + InitContainers allows injecting initContainers to the Collector's pod definition. + These init containers can be used to fetch secrets for injection into the + configuration from external sources, run added checks, etc. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ items: description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array env: - description: List of environment variables to set in the container. + description: |- + List of environment variables to set in the container. Cannot be updated. items: description: EnvVar represents an environment variable present @@ -2956,16 +2894,16 @@ spec: a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -2978,10 +2916,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or @@ -2992,11 +2930,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -3011,11 +2947,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -3045,10 +2979,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its @@ -3064,13 +2998,13 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. items: description: EnvFromSource represents the source of a set of ConfigMaps @@ -3079,9 +3013,10 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be @@ -3097,9 +3032,10 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined @@ -3109,40 +3045,42 @@ spec: type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -3151,9 +3089,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -3163,9 +3101,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3182,13 +3120,15 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port @@ -3206,10 +3146,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, @@ -3219,40 +3159,37 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -3261,9 +3198,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. @@ -3273,9 +3210,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3292,13 +3229,15 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port @@ -3316,10 +3255,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, @@ -3329,9 +3268,10 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -3339,30 +3279,30 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -3374,10 +3314,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3386,9 +3328,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -3398,9 +3340,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3417,33 +3359,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3458,78 +3402,82 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. + description: |- + Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: @@ -3541,30 +3489,30 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -3576,10 +3524,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -3588,9 +3538,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -3600,9 +3550,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -3619,33 +3569,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -3660,34 +3612,33 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object @@ -3698,12 +3649,14 @@ spec: policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3712,22 +3665,29 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available inside a container. type: string required: @@ -3744,8 +3704,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -3754,52 +3715,52 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -3817,60 +3778,60 @@ spec: type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies @@ -3890,98 +3851,93 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: @@ -3993,10 +3949,12 @@ spec: format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. type: string required: - port @@ -4005,9 +3963,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -4017,9 +3975,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -4036,33 +3994,35 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: @@ -4077,77 +4037,76 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. type: boolean volumeDevices: description: volumeDevices is the list of block devices to be @@ -4170,40 +4129,44 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. + description: |- + Pod volumes to mount into the container's filesystem. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -4211,9 +4174,11 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. type: string required: - name @@ -4224,24 +4189,22 @@ spec: to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -4250,9 +4213,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -4262,9 +4225,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name. This will be - canonicalized upon output, so case-variant names - will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -4281,12 +4244,14 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: @@ -4304,10 +4269,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler - and kept for the backward compatibility. There are no validation - of this field and lifecycle hooks will fail in runtime when - tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, defaults @@ -4317,39 +4282,37 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event such - as liveness/startup probe failure, preemption, resource contention, - etc. The handler is not called if the container crashes or exits. - The Pod''s termination grace period countdown begins before - the PreStop hook is executed. Regardless of the outcome of the - handler, the container will eventually terminate within the - Pod''s termination grace period (unless delayed by finalizers). - Other management of the container blocks until the hook completes - or until the termination grace period is reached. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -4358,9 +4321,9 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP @@ -4370,9 +4333,9 @@ spec: be used in HTTP probes properties: name: - description: The header field name. This will be - canonicalized upon output, so case-variant names - will be understood as the same header. + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -4389,12 +4352,14 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. + description: |- + Scheme to use for connecting to the host. Defaults to HTTP. type: string required: @@ -4412,10 +4377,10 @@ spec: - seconds type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler - and kept for the backward compatibility. There are no validation - of this field and lifecycle hooks will fail in runtime when - tcp handler is specified. + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. properties: host: description: 'Optional: Host name to connect to, defaults @@ -4425,9 +4390,10 @@ spec: anyOf: - type: integer - type: string - description: Number or name of the port to access on the - container. Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -4435,74 +4401,76 @@ spec: type: object type: object livenessProbe: - description: Liveness config for the OpenTelemetry Collector except - the probe handler which is auto generated from the health extension - of the collector. It is only effective when healthcheckextension - is configured in the OpenTelemetry Collector pipeline. + description: |- + Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. + It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline. properties: failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. Defaults to 0 seconds. - Minimum value is 0. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after the container has started before liveness probes are initiated. + Defaults to 0 seconds. Minimum value is 0. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate - gracefully upon probe failure. The grace period is the duration - in seconds after the processes running in the pod are sent a - termination signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). This is a - beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object managementState: default: managed - description: ManagementState defines if the CR should be managed by - the operator or not. Default is managed. + description: |- + ManagementState defines if the CR should be managed by the operator or not. + Default is managed. enum: - managed - unmanaged type: string maxReplicas: - description: 'MaxReplicas sets an upper bound to the autoscaling feature. - If MaxReplicas is set autoscaling is enabled. Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" - instead.' + description: |- + MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. + Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead. format: int32 type: integer minReplicas: - description: 'MinReplicas sets a lower bound to the autoscaling feature. Set - this if you are using autoscaling. It must be at least 1 Deprecated: - use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.' + description: |- + MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 + Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead. format: int32 type: integer mode: @@ -4517,9 +4485,9 @@ spec: nodeSelector: additionalProperties: type: string - description: NodeSelector to schedule OpenTelemetry Collector pods. - This is only relevant to daemonset, statefulset, and deployment - mode + description: |- + NodeSelector to schedule OpenTelemetry Collector pods. + This is only relevant to daemonset, statefulset, and deployment mode type: object observability: description: ObservabilitySpec defines how telemetry data gets handled. @@ -4528,104 +4496,116 @@ spec: description: Metrics defines the metrics configuration for operands. properties: enableMetrics: - description: EnableMetrics specifies if ServiceMonitor or - PodMonitor(for sidecar mode) should be created for the service - managed by the OpenTelemetry Operator. The operator.observability.prometheus - feature gate must be enabled to use this feature. + description: |- + EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. + The operator.observability.prometheus feature gate must be enabled to use this feature. type: boolean type: object type: object podAnnotations: additionalProperties: type: string - description: PodAnnotations is the set of annotations that will be - attached to Collector and Target Allocator pods. + description: |- + PodAnnotations is the set of annotations that will be attached to + Collector and Target Allocator pods. type: object podDisruptionBudget: - description: PodDisruptionBudget specifies the pod disruption budget - configuration to use for the AmazonCloudWatchAgent workload. + description: |- + PodDisruptionBudget specifies the pod disruption budget configuration to use + for the AmazonCloudWatchAgent workload. properties: maxUnavailable: anyOf: - type: integer - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the eviction, - i.e. even in absence of the evicted pod. For example, one can - prevent all voluntary evictions by specifying 0. This is a mutually - exclusive setting with "minAvailable". + description: |- + An eviction is allowed if at most "maxUnavailable" pods selected by + "selector" are unavailable after the eviction, i.e. even in absence of + the evicted pod. For example, one can prevent all voluntary evictions + by specifying 0. This is a mutually exclusive setting with "minAvailable". x-kubernetes-int-or-string: true minAvailable: anyOf: - type: integer - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after the - eviction, i.e. even in the absence of the evicted pod. So for - example you can prevent all voluntary evictions by specifying - "100%". + description: |- + An eviction is allowed if at least "minAvailable" pods selected by + "selector" will still be available after the eviction, i.e. even in the + absence of the evicted pod. So for example you can prevent all voluntary + evictions by specifying "100%". x-kubernetes-int-or-string: true type: object podSecurityContext: - description: "PodSecurityContext configures the pod security context - for the amazon-cloudwatch-agent pod, when running as a deployment, - daemonset, or statefulset. \n In sidecar mode, the amazon-cloudwatch-agent-operator - will ignore this setting." + description: |- + PodSecurityContext configures the pod security context for the + amazon-cloudwatch-agent pod, when running as a deployment, daemonset, + or statefulset. + + + In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. + description: |- + The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: level: @@ -4646,47 +4626,48 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set properties: @@ -4702,80 +4683,86 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object ports: - description: Ports allows a set of ports to be exposed by the underlying - v1.Service. By default, the operator will attempt to infer the required - ports by parsing the .Spec.Config property but this property can - be used to open additional ports that can't be inferred by the operator, - like for custom receivers. + description: |- + Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator + will attempt to infer the required ports by parsing the .Spec.Config property but this property can be + used to open additional ports that can't be inferred by the operator, like for custom receivers. items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this port. This is - used as a hint for implementations to offer richer behavior - for protocols that they understand. This field follows standard - Kubernetes label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service names - (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described - in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined prefixed - names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. This - must be a DNS_LABEL. All ports within a ServiceSpec must have - unique names. When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. Optional - if only one ServicePort is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this service is - exposed when type is NodePort or LoadBalancer. Usually assigned - by the system. If a value is specified, in-range, and not - in use it will be used, otherwise the operation will fail. If - not specified, a port will be allocated if this Service requires - one. If this field is specified when creating a Service which - does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -4784,21 +4771,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access on the pods - targeted by the service. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the target Pod''s - container ports. If this is not specified, the value of the - ''port'' field is used (an identity map). This field is ignored - for services with clusterIP=None, and should be omitted or - set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -4806,8 +4795,10 @@ spec: type: array x-kubernetes-list-type: atomic priorityClassName: - description: If specified, indicates the pod's priority. If not specified, - the pod priority will be default or zero if there is no default. + description: |- + If specified, indicates the pod's priority. + If not specified, the pod priority will be default or zero if there is no + default. type: string replicas: description: Replicas is the number of pod instances for the underlying @@ -4818,18 +4809,24 @@ spec: description: Resources to set on the OpenTelemetry Collector pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -4845,8 +4842,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -4855,33 +4853,42 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object securityContext: - description: "SecurityContext configures the container security context - for the amazon-cloudwatch-agent container. \n In deployment, daemonset, - or statefulset mode, this controls the security context settings - for the primary application container. \n In sidecar mode, this - controls the security context for the injected sidecar container." + description: |- + SecurityContext configures the container security context for + the amazon-cloudwatch-agent container. + + + In deployment, daemonset, or statefulset mode, this controls + the security context settings for the primary application + container. + + + In sidecar mode, this controls the security context for the + injected sidecar container. properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool - directly controls if the no_new_privs flag will be set on the - container process. AllowPrivilegeEscalation is true always when - the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name - is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4897,56 +4904,60 @@ spec: type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name - is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to use for - the containers. The default is DefaultProcMount which uses the - container runtime defaults for readonly paths and masked paths. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. + description: |- + The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name - is windows. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies to @@ -4966,428 +4977,1992 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this container. If - seccomp options are provided at both the pod & container level, - the container options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: - description: ServiceAccount indicates the name of an existing service - account to use with this instance. When set, the operator will not - automatically create a ServiceAccount for the collector. + description: |- + ServiceAccount indicates the name of an existing service account to use with this instance. When set, + the operator will not automatically create a ServiceAccount for the collector. type: string - terminationGracePeriodSeconds: - description: Duration in seconds the pod needs to terminate gracefully - upon probe failure. - format: int64 - type: integer - tolerations: - description: Toleration to schedule OpenTelemetry Collector pods. - This is only relevant to daemonset, statefulset, and deployment - mode - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints embedded kubernetes pod configuration - option, controls how pods are spread across your cluster among failure-domains - such as regions, zones, nodes, and other user-defined topology domains - https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - This is only relevant to statefulset, and deployment mode - items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + targetAllocator: + description: TargetAllocator indicates a value which determines whether + to spawn a target allocation resource or not. + properties: + affinity: + description: If specified, indicates the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: - type: string + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic type: array required: - - key - - operator + - nodeSelectorTerms type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - updateStrategy: - description: UpdateStrategy represents the strategy the operator will - take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec - This is only applicable to Daemonset mode. - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if type - = "RollingUpdate". --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. - See https://github.com/kubernetes/kubernetes/issues/35345' - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: 'The maximum number of nodes with an existing - available DaemonSet pod that can have an updated DaemonSet - pod during during an update. Value can be an absolute number - (ex: 5) or a percentage of desired pods (ex: 10%). This - can not be 0 if MaxUnavailable is 0. Absolute number is - calculated from percentage by rounding up to a minimum of - 1. Default value is 0. Example: when this is set to 30%, - at most 30% of the total number of nodes that should be - running the daemon pod (i.e. status.desiredNumberScheduled) - can have their a new pod created before the old pod is marked - as deleted. The update starts by launching new pods on 30% - of nodes. Once an updated pod is available (Ready for at - least minReadySeconds) the old DaemonSet pod on that node - is marked deleted. If the old pod becomes unavailable for - any reason (Ready transitions to false, is evicted, or is - drained) an updated pod is immediatedly created on that - node without considering surge limits. Allowing surge implies - the possibility that the resources consumed by the daemonset - on any given node can double if the readiness check fails, - and so resource intensive daemonsets should take into account - that they may cause evictions during disruption.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of DaemonSet pods that can - be unavailable during the update. Value can be an absolute - number (ex: 5) or a percentage of total number of DaemonSet - pods at the start of the update (ex: 10%). Absolute number - is calculated from percentage by rounding up. This cannot - be 0 if MaxSurge is 0 Default value is 1. Example: when - this is set to 30%, at most 30% of the total number of nodes - that should be running the daemon pod (i.e. status.desiredNumberScheduled) - can have their pods stopped for an update at any given time. - The update starts by stopping at most 30% of those DaemonSet - pods and then brings up new DaemonSet pods in their place. - Once the new pods are available, it then proceeds onto other - DaemonSet pods, thus ensuring that at least 70% of original - number of DaemonSet pods are available at all times during - the update.' - x-kubernetes-int-or-string: true - type: object - type: - description: Type of daemon set update. Can be "RollingUpdate" - or "OnDelete". Default is RollingUpdate. - type: string - type: object - upgradeStrategy: - description: UpgradeStrategy represents how the operator will handle - upgrades to the CR when a newer version of the operator is deployed - enum: - - automatic - - none - type: string - volumeClaimTemplates: - description: VolumeClaimTemplates will provide stable storage using - PersistentVolumes. Only available when the mode=statefulset. - items: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified data - source, it will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will - not be copied to dataSource.' + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + allocationStrategy: + description: |- + AllocationStrategy determines which strategy the target allocator should use for allocation. + The current options are least-weighted and consistent-hashing. The default option is least-weighted + enum: + - least-weighted + - consistent-hashing + type: string + enabled: + description: Enabled indicates whether to use a target allocation + mechanism for Prometheus targets or not. + type: boolean + env: + description: |- + ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be + consumed in the config file for the TargetAllocator. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + filterStrategy: + description: |- + FilterStrategy determines how to filter targets before allocating them among the collectors. + The only current option is relabel-config (drops targets based on prom relabel_config). + Filtering is disabled by default. + type: string + image: + description: Image indicates the container image to use for the + OpenTelemetry TargetAllocator. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to schedule OpenTelemetry TargetAllocator + pods. + type: object + prometheusCR: + description: |- + PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. + All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. + properties: + enabled: + description: Enabled indicates whether to use a PrometheusOperator + custom resources as targets or not. + type: boolean + podMonitorSelector: + additionalProperties: + type: string + description: |- + PodMonitors to be selected for target discovery. + This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + PodMonitor's meta labels. The requirements are ANDed. + type: object + scrapeInterval: + default: 30s + description: |- + Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + + + Default: "30s" + format: duration + type: string + serviceMonitorSelector: + additionalProperties: + type: string + description: |- + ServiceMonitors to be selected for target discovery. + This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + ServiceMonitor's meta labels. The requirements are ANDed. + type: object + type: object + replicas: + description: |- + Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value + other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy + that can be run in a high availability mode is consistent-hashing. + format: int32 + type: integer + resources: + description: Resources to set on the OpenTelemetryTargetAllocator + containers. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: |- + SecurityContext configures the container security context for + the targetallocator. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + ServiceAccount indicates the name of an existing service account to use with this instance. When set, + the operator will not automatically create a ServiceAccount for the TargetAllocator. + type: string + tolerations: + description: |- + Toleration embedded kubernetes pod configuration option, + controls how pods can be scheduled with matching taints + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints embedded kubernetes pod configuration option, + controls how pods are spread across your cluster among failure-domains + such as regions, zones, nodes, and other user-defined topology domains + https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + terminationGracePeriodSeconds: + description: Duration in seconds the pod needs to terminate gracefully + upon probe failure. + format: int64 + type: integer + tolerations: + description: |- + Toleration to schedule OpenTelemetry Collector pods. + This is only relevant to daemonset, statefulset, and deployment mode + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints embedded kubernetes pod configuration option, + controls how pods are spread across your cluster among failure-domains + such as regions, zones, nodes, and other user-defined topology domains + https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + This is only relevant to statefulset, and deployment mode + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: |- + UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods + https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec + This is only applicable to Daemonset mode. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + upgradeStrategy: + description: UpgradeStrategy represents how the operator will handle + upgrades to the CR when a newer version of the operator is deployed + enum: + - automatic + - none + type: string + volumeClaimTemplates: + description: VolumeClaimTemplates will provide stable storage using + PersistentVolumes. Only available when the mode=statefulset. + items: + description: PersistentVolumeClaim is a user's request for and claim + to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -5401,39 +6976,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which - to populate the volume with data, if a non-empty volume - is desired. This may be any object from a non-empty API - group (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches some - installed volume populator or dynamic provisioner. This - field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they must - have the same value. For backwards compatibility, when - namespace isn''t specified in dataSourceRef, both fields - (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other - is non-empty. When namespace is specified in dataSourceRef, - dataSource isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows two - specific types of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. * While - dataSource ignores disallowed values (dropping them), - dataSourceRef preserves all values, and generates an error - if a disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -5442,26 +7014,22 @@ spec: description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but must - still be higher than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: limits: additionalProperties: @@ -5470,8 +7038,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -5480,11 +7049,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -5495,8 +7064,8 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -5504,17 +7073,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -5526,41 +7094,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used to set - the VolumeAttributesClass used by this claim. If specified, - the CSI driver will create or update the volume with the - attributes defined in the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, it - can be changed after the claim is created. An empty string - value means that no VolumeAttributesClass will be applied - to the claim but it''s not allowed to reset this field - to empty string once it is set. If unspecified and the - PersistentVolumeClaim is unbound, the default VolumeAttributesClass + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does - not exist, this PersistentVolumeClaim will be set to a - Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to the @@ -5568,56 +7132,59 @@ spec: type: string type: object status: - description: 'status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that - update and let other controllers handle it. + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. type: string description: "allocatedResourceStatuses stores status of - resource being resized for the given PVC. Key names follow - standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\" Apart + resource being resized for the given PVC.\nKey names follow + standard Kubernetes label syntax. Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered reserved and hence may not be used. - \n ClaimResourceStatus can be in any of following states: - - ControllerResizeInProgress: State set when resize controller - starts resizing the volume in control-plane. - ControllerResizeFailed: - State set when resize has failed in resize controller - with a terminal error. - NodeResizePending: State set + prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with a + terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume - but further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it + but further resizing of\n\t\tvolume is needed on the node.\n\t- + NodeResizeInProgress:\n\t\tState set when kubelet starts + resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update with - previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + given PVC.\n\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular @@ -5629,29 +7196,29 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: "allocatedResources tracks the resources allocated - to a PVC including its capacity. Key names follow standard - Kubernetes label syntax. Valid values are either: * Un-prefixed - keys: - storage - the capacity of the volume. * Custom - resources must use implementation-defined prefixed names - such as \"example.com/my-custom-resource\" Apart from - above values - keys that are unprefixed or have kubernetes.io - prefix are considered reserved and hence may not be used. - \n Capacity reported here may be larger than the actual - capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request is - lowered, allocatedResources is only lowered if there are - no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested capacity. - \n A controller that receives PVC update with previously - unknown resourceName should ignore the update for the - purpose it was designed. For example - a controller that - only is responsible for resizing capacity of the volume, - should ignore PVC updates that change other valid resources - associated with PVC. \n This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + to a PVC including its capacity.\nKey names follow standard + Kubernetes label syntax. Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have kubernetes.io + prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + reported here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor storage + quota, the larger value from allocatedResources and PVC.spec.resources + is used.\nIf allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and if + the actual volume capacity\nis equal or lower than the + requested capacity.\n\n\nA controller that receives PVC + update with previously unknown resourceName\nshould ignore + the update for the purpose it was designed. For example + - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -5664,8 +7231,8 @@ spec: the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contains details @@ -5686,10 +7253,9 @@ spec: indicating details about last transition. type: string reason: - description: reason is a unique, this should be a - short, machine understandable string that gives - the reason for condition's last transition. If it - reports "ResizeStarted" that means the underlying + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string status: @@ -5704,32 +7270,30 @@ spec: type: object type: array currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName is the current - name of the VolumeAttributesClass the PVC is using. When - unset, there is no VolumeAttributeClass applied to this - PersistentVolumeClaim This is an alpha field and requires - enabling VolumeAttributesClass feature. + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. type: string modifyVolumeStatus: - description: ModifyVolumeStatus represents the status object - of ControllerModifyVolume operation. When this is unset, - there is no ModifyVolume operation being attempted. This - is an alpha field and requires enabling VolumeAttributesClass - feature. + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. properties: status: - description: 'status is the status of the ControllerModifyVolume - operation. It can be in any of following states: - - Pending Pending indicates that the PersistentVolumeClaim + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such - as the specified VolumeAttributesClass not existing. - - InProgress InProgress indicates that the volume - is being modified. - Infeasible Infeasible indicates + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the - CSI driver. To resolve the error, a valid VolumeAttributesClass - needs to be specified. Note: New statuses can be added - in the future. Consumers should check for unknown - statuses and fail appropriately.' + CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass + needs to be specified.\nNote: New statuses can be + added in the future. Consumers should check for unknown + statuses and fail appropriately." type: string targetVolumeAttributesClassName: description: targetVolumeAttributesClassName is the @@ -5754,32 +7318,36 @@ spec: a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -5795,34 +7363,36 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID @@ -5844,10 +7414,10 @@ spec: storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: description: 'kind expected values are Shared: multiple @@ -5856,8 +7426,9 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean required: - diskName @@ -5868,8 +7439,9 @@ spec: on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretName: description: secretName is the name of secret that contains @@ -5887,8 +7459,9 @@ spec: shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array @@ -5897,61 +7470,72 @@ spec: rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID @@ -5961,27 +7545,25 @@ spec: this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -5989,22 +7571,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -6012,8 +7593,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -6027,41 +7610,43 @@ spec: feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. type: object required: - driver @@ -6071,16 +7656,15 @@ spec: that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: @@ -6107,15 +7691,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -6126,10 +7708,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -6156,73 +7737,94 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. properties: annotations: additionalProperties: @@ -6242,37 +7844,35 @@ spec: type: string type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -6288,45 +7888,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -6337,27 +7928,22 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: limits: additionalProperties: @@ -6366,8 +7952,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -6376,12 +7963,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -6393,28 +7979,24 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -6427,46 +8009,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this - claim. If specified, the CSI driver will create - or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This - has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed - to reset this field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected by the - modifyVolumeStatus field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference @@ -6483,19 +8056,20 @@ spec: pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: description: 'targetWWNs is Optional: FC target worldwide @@ -6504,26 +8078,27 @@ spec: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. properties: driver: description: driver is the name of the driver to use for this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -6532,20 +8107,23 @@ spec: command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6558,9 +8136,9 @@ spec: service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated type: string datasetUUID: description: datasetUUID is the UUID of the dataset. This @@ -6568,52 +8146,55 @@ spec: type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. type: string repository: description: repository is the URL @@ -6626,51 +8207,61 @@ spec: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether support iSCSI @@ -6681,56 +8272,59 @@ spec: Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. type: string iqn: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -6738,43 +8332,51 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName @@ -6784,10 +8386,10 @@ spec: persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: description: pdID is the ID that identifies Photon Controller @@ -6801,14 +8403,15 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: volumeID uniquely identifies a Portworx volume @@ -6821,14 +8424,13 @@ spec: configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: @@ -6838,54 +8440,54 @@ spec: other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access - the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature gate. - \n ClusterTrustBundle objects can either be selected - by name, or by the combination of signer name and - a label selector. \n Kubelet performs aggressive - normalization of the PEM contents written into the - pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates - are deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change the - order over time." + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. properties: labelSelector: - description: Select all ClusterTrustBundles that - match this label selector. Only has effect - if signerName is set. Mutually-exclusive with - name. If unset, interpreted as "match nothing". If - set but empty, interpreted as "match everything". + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -6898,37 +8500,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with signerName - and labelSelector. + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. type: string optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) aren't - available. If using name, then the named ClusterTrustBundle - is allowed not to exist. If using signerName, - then the combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. type: boolean path: description: Relative path from the volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles that - match this signer name. Mutually-exclusive with - name. The contents of all selected ClusterTrustBundles - will be unified and deduplicated. + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. type: string required: - path @@ -6938,17 +8538,14 @@ spec: data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -6957,25 +8554,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -6983,10 +8576,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7025,17 +8618,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -7047,10 +8636,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required @@ -7083,17 +8671,14 @@ spec: to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -7102,25 +8687,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -7128,10 +8709,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -7144,29 +8725,26 @@ spec: the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string required: - path @@ -7179,28 +8757,30 @@ spec: that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group + description: |- + group to map volume access to + Default is no group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user + description: |- + user to map volume access to + Defaults to serivceaccount user type: string volume: description: volume is a string that references an already @@ -7211,54 +8791,68 @@ spec: - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string required: - image @@ -7269,9 +8863,11 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string gateway: description: gateway is the host address of the ScaleIO @@ -7282,17 +8878,20 @@ spec: Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7301,8 +8900,8 @@ spec: with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: @@ -7314,9 +8913,9 @@ spec: configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. type: string required: - gateway @@ -7324,31 +8923,30 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -7356,22 +8954,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -7383,8 +8980,9 @@ spec: its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: @@ -7392,40 +8990,42 @@ spec: and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: @@ -7433,10 +9033,10 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: description: storagePolicyID is the storage Policy Based @@ -7459,9 +9059,10 @@ spec: type: array x-kubernetes-list-type: atomic workingDir: - description: WorkingDir represents Container's working directory. - If not specified, the container runtime's default will be used, - which might be configured in the container image. Cannot be updated. + description: |- + WorkingDir represents Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string type: object status: @@ -7473,16 +9074,17 @@ spec: Collector. type: string messages: - description: 'Messages about actions performed by the operator on - this resource. Deprecated: use Kubernetes events instead.' + description: |- + Messages about actions performed by the operator on this resource. + Deprecated: use Kubernetes events instead. items: type: string type: array x-kubernetes-list-type: atomic replicas: - description: 'Replicas is currently not being set and might be removed - in the next version. Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" - instead.' + description: |- + Replicas is currently not being set and might be removed in the next version. + Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead. format: int32 type: integer scale: @@ -7490,19 +9092,21 @@ spec: status. properties: replicas: - description: The total number non-terminated pods targeted by - this AmazonCloudWatchAgent's deployment or statefulSet. + description: |- + The total number non-terminated pods targeted by this + AmazonCloudWatchAgent's deployment or statefulSet. format: int32 type: integer selector: - description: The selector used to match the AmazonCloudWatchAgent's + description: |- + The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods. type: string statusReplicas: - description: StatusReplicas is the number of pods targeted by - this AmazonCloudWatchAgent's with a Ready Condition / Total - number of non-terminated pods targeted by this AmazonCloudWatchAgent's - (their labels match the selector). Deployment, Daemonset, StatefulSet. + description: |- + StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / + Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). + Deployment, Daemonset, StatefulSet. type: string type: object version: diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml index 0274e45df..30aa743bc 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_dcgmexporters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: dcgmexporters.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -41,14 +41,19 @@ spec: description: DcgmExporter is the Schema for the DcgmExporters API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -63,22 +68,20 @@ spec: pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the @@ -88,30 +91,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -124,30 +123,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -169,50 +164,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -225,30 +216,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -270,16 +257,15 @@ spec: this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -290,37 +276,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -333,89 +315,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -428,40 +395,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -470,53 +434,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -528,84 +490,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -617,32 +569,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -656,16 +604,15 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -676,37 +623,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -719,89 +662,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -814,40 +742,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -856,53 +781,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -914,84 +837,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1003,32 +916,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -1044,8 +953,9 @@ spec: binary type: object env: - description: ENV vars to set on the DCGM Exporter Pods. These can - then in certain cases be consumed in the config file for the Collector. + description: |- + ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be + consumed in the config file for the Collector. items: description: EnvVar represents an environment variable present in a Container. @@ -1054,15 +964,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot @@ -1075,8 +986,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1087,10 +1000,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is @@ -1105,10 +1017,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1137,8 +1048,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1163,50 +1076,58 @@ spec: nodeSelector: additionalProperties: type: string - description: NodeSelector to schedule DCGM Exporter pods. This is - only relevant to daemonset, statefulset, and deployment mode + description: |- + NodeSelector to schedule DCGM Exporter pods. + This is only relevant to daemonset, statefulset, and deployment mode type: object ports: - description: Ports allows a set of ports to be exposed by the underlying - v1.Service. By default, the operator will attempt to infer the required - ports by parsing the .Spec.Config property but this property can - be used to open additional ports that can't be inferred by the operator, - like for custom receivers. + description: |- + Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator + will attempt to infer the required ports by parsing the .Spec.Config property but this property can be + used to open additional ports that can't be inferred by the operator, like for custom receivers. items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this port. This is - used as a hint for implementations to offer richer behavior - for protocols that they understand. This field follows standard - Kubernetes label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service names - (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described - in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined prefixed - names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. This - must be a DNS_LABEL. All ports within a ServiceSpec must have - unique names. When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. Optional - if only one ServicePort is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this service is - exposed when type is NodePort or LoadBalancer. Usually assigned - by the system. If a value is specified, in-range, and not - in use it will be used, otherwise the operation will fail. If - not specified, a port will be allocated if this Service requires - one. If this field is specified when creating a Service which - does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -1215,21 +1136,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access on the pods - targeted by the service. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the target Pod''s - container ports. If this is not specified, the value of the - ''port'' field is used (an identity map). This field is ignored - for services with clusterIP=None, and should be omitted or - set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -1240,18 +1163,24 @@ spec: description: Resources to set on the DCGM Exporter pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1267,8 +1196,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1277,22 +1207,63 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object serviceAccount: - description: ServiceAccount indicates the name of an existing service - account to use with this instance. When set, the operator will not - automatically create a ServiceAccount for the collector. + description: |- + ServiceAccount indicates the name of an existing service account to use with this instance. When set, + the operator will not automatically create a ServiceAccount for the collector. type: string tlsConfig: description: TlsConfig is the raw YAML to be used as the exporter TLS configuration. type: string + tolerations: + description: |- + Toleration to schedule DCGM Exporter pods. + This is only relevant to daemonset, statefulset, and deployment mode + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array volumeMounts: description: VolumeMounts represents the mount points to use in the underlying collector deployment(s) @@ -1301,32 +1272,36 @@ spec: a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1342,34 +1317,36 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID @@ -1391,10 +1368,10 @@ spec: storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: description: 'kind expected values are Shared: multiple @@ -1403,8 +1380,9 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean required: - diskName @@ -1415,8 +1393,9 @@ spec: on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretName: description: secretName is the name of secret that contains @@ -1434,8 +1413,9 @@ spec: shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array @@ -1444,61 +1424,72 @@ spec: rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID @@ -1508,27 +1499,25 @@ spec: this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -1536,22 +1525,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -1559,8 +1547,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -1574,41 +1564,43 @@ spec: feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. type: object required: - driver @@ -1618,16 +1610,15 @@ spec: that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: @@ -1654,15 +1645,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -1673,10 +1662,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1703,73 +1691,94 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. properties: annotations: additionalProperties: @@ -1789,37 +1798,35 @@ spec: type: string type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -1835,45 +1842,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -1884,27 +1882,22 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: limits: additionalProperties: @@ -1913,8 +1906,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1923,12 +1917,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -1940,28 +1933,24 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -1974,46 +1963,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this - claim. If specified, the CSI driver will create - or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This - has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed - to reset this field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected by the - modifyVolumeStatus field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference @@ -2030,19 +2010,20 @@ spec: pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: description: 'targetWWNs is Optional: FC target worldwide @@ -2051,26 +2032,27 @@ spec: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. properties: driver: description: driver is the name of the driver to use for this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -2079,20 +2061,23 @@ spec: command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2105,9 +2090,9 @@ spec: service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated type: string datasetUUID: description: datasetUUID is the UUID of the dataset. This @@ -2115,52 +2100,55 @@ spec: type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. type: string repository: description: repository is the URL @@ -2173,51 +2161,61 @@ spec: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether support iSCSI @@ -2228,56 +2226,59 @@ spec: Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. type: string iqn: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -2285,43 +2286,51 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName @@ -2331,10 +2340,10 @@ spec: persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: description: pdID is the ID that identifies Photon Controller @@ -2348,14 +2357,15 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: volumeID uniquely identifies a Portworx volume @@ -2368,14 +2378,13 @@ spec: configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: @@ -2385,54 +2394,54 @@ spec: other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access - the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature gate. - \n ClusterTrustBundle objects can either be selected - by name, or by the combination of signer name and - a label selector. \n Kubelet performs aggressive - normalization of the PEM contents written into the - pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates - are deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change the - order over time." + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. properties: labelSelector: - description: Select all ClusterTrustBundles that - match this label selector. Only has effect - if signerName is set. Mutually-exclusive with - name. If unset, interpreted as "match nothing". If - set but empty, interpreted as "match everything". + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2445,37 +2454,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with signerName - and labelSelector. + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. type: string optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) aren't - available. If using name, then the named ClusterTrustBundle - is allowed not to exist. If using signerName, - then the combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. type: boolean path: description: Relative path from the volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles that - match this signer name. Mutually-exclusive with - name. The contents of all selected ClusterTrustBundles - will be unified and deduplicated. + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. type: string required: - path @@ -2485,17 +2492,14 @@ spec: data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -2504,25 +2508,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -2530,10 +2530,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -2572,17 +2572,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -2594,10 +2590,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required @@ -2630,17 +2625,14 @@ spec: to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -2649,25 +2641,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -2675,10 +2663,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -2691,29 +2679,26 @@ spec: the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string required: - path @@ -2726,28 +2711,30 @@ spec: that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group + description: |- + group to map volume access to + Default is no group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user + description: |- + user to map volume access to + Defaults to serivceaccount user type: string volume: description: volume is a string that references an already @@ -2758,54 +2745,68 @@ spec: - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string required: - image @@ -2816,9 +2817,11 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string gateway: description: gateway is the host address of the ScaleIO @@ -2829,17 +2832,20 @@ spec: Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2848,8 +2854,8 @@ spec: with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: @@ -2861,9 +2867,9 @@ spec: configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. type: string required: - gateway @@ -2871,31 +2877,30 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -2903,22 +2908,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -2930,8 +2934,9 @@ spec: its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: @@ -2939,40 +2944,42 @@ spec: and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: @@ -2980,10 +2987,10 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: description: storagePolicyID is the storage Policy Based @@ -3014,35 +3021,38 @@ spec: Exporter. type: string messages: - description: 'Messages about actions performed by the operator on - this resource. Deprecated: use Kubernetes events instead.' + description: |- + Messages about actions performed by the operator on this resource. + Deprecated: use Kubernetes events instead. items: type: string type: array x-kubernetes-list-type: atomic replicas: - description: 'Replicas is currently not being set and might be removed - in the next version. Deprecated: use "DcgmExporter.Status.Scale.Replicas" - instead.' + description: |- + Replicas is currently not being set and might be removed in the next version. + Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead. format: int32 type: integer scale: description: Scale is the DcgmExporter's scale subresource status. properties: replicas: - description: The total number non-terminated pods targeted by - this AmazonCloudWatchAgent's deployment or statefulSet. + description: |- + The total number non-terminated pods targeted by this + AmazonCloudWatchAgent's deployment or statefulSet. format: int32 type: integer selector: - description: The selector used to match the AmazonCloudWatchAgent's + description: |- + The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods. type: string statusReplicas: - description: StatusReplicas is the number of pods targeted by - this AmazonCloudWatchAgent's with a Ready Condition / Total - number of non-terminated pods targeted by this AmazonCloudWatchAgent's - (their labels match the selector). Deployment, Daemonset, StatefulSet. + description: |- + StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / + Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). + Deployment, Daemonset, StatefulSet. type: string type: object version: diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml index d3fc23183..d759cd265 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_instrumentations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: instrumentations.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -36,14 +36,19 @@ spec: description: Instrumentation is the spec for OpenTelemetry instrumentation. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -55,9 +60,10 @@ spec: description: ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. properties: attrs: - description: 'Attrs defines Apache HTTPD agent specific attributes. - The precedence is: `agent default attributes` > `instrument - spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module' + description: |- + Attrs defines Apache HTTPD agent specific attributes. The precedence is: + `agent default attributes` > `instrument spec attributes` . + Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module items: description: EnvVar represents an environment variable present in a Container. @@ -67,15 +73,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -88,9 +95,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -101,11 +109,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -120,10 +126,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -153,9 +158,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -171,16 +177,15 @@ spec: type: object type: array configPath: - description: Location of Apache HTTPD server configuration. Needed - only if different from default "/usr/local/apache2/conf" + description: |- + Location of Apache HTTPD server configuration. + Needed only if different from default "/usr/local/apache2/conf" type: string env: - description: 'Env defines Apache HTTPD specific env vars. There - are four layers for env vars'' definitions and the precedence - order is: `original container env vars` > `language specific - env vars` > `common env vars` > `instrument spec configs'' vars`. - If the former var had been defined, then the other vars would - be ignored.' + description: |- + Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -190,15 +195,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -211,9 +217,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -224,11 +231,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -243,10 +248,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -276,9 +280,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -300,19 +305,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -328,8 +338,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -338,11 +349,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object version: @@ -353,8 +364,9 @@ spec: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -362,11 +374,10 @@ spec: description: DotNet defines configuration for DotNet auto-instrumentation. properties: env: - description: 'Env defines DotNet specific env vars. There are - four layers for env vars'' definitions and the precedence order - is: `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines DotNet specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -376,15 +387,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -397,9 +409,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -410,11 +423,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -429,10 +440,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -462,9 +472,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -486,19 +497,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -514,8 +530,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -524,28 +541,28 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object env: - description: 'Env defines common env vars. There are four layers for - env vars'' definitions and the precedence order is: `original container - env vars` > `language specific env vars` > `common env vars` > `instrument - spec configs'' vars`. If the former var had been defined, then the - other vars would be ignored.' + description: |- + Env defines common env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -554,15 +571,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot @@ -575,8 +593,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -587,10 +607,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is @@ -605,10 +624,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -637,8 +655,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -661,19 +681,17 @@ spec: type: string type: object go: - description: Go defines configuration for Go auto-instrumentation. - When using Go auto-instrumentation you must provide a value for - the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env - vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe - pod annotation. Failure to set this value causes instrumentation - injection to abort, leaving the original pod unchanged. + description: |- + Go defines configuration for Go auto-instrumentation. + When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the + Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. + Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged. properties: env: - description: 'Env defines Go specific env vars. There are four - layers for env vars'' definitions and the precedence order is: - `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines Go specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -683,15 +701,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -704,9 +723,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -717,11 +737,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -736,10 +754,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -769,9 +786,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -793,19 +811,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -821,8 +844,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -831,19 +855,20 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -851,11 +876,10 @@ spec: description: Java defines configuration for java auto-instrumentation. properties: env: - description: 'Env defines java specific env vars. There are four - layers for env vars'' definitions and the precedence order is: - `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines java specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -865,15 +889,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -886,9 +911,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -899,11 +925,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -918,10 +942,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -951,9 +974,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -976,19 +1000,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1004,8 +1033,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1014,19 +1044,20 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -1034,9 +1065,10 @@ spec: description: Nginx defines configuration for Nginx auto-instrumentation. properties: attrs: - description: 'Attrs defines Nginx agent specific attributes. The - precedence order is: `agent default attributes` > `instrument - spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module' + description: |- + Attrs defines Nginx agent specific attributes. The precedence order is: + `agent default attributes` > `instrument spec attributes` . + Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module items: description: EnvVar represents an environment variable present in a Container. @@ -1046,15 +1078,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -1067,9 +1100,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1080,11 +1114,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -1099,10 +1131,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1132,9 +1163,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1150,15 +1182,15 @@ spec: type: object type: array configFile: - description: Location of Nginx configuration file. Needed only - if different from default "/etx/nginx/nginx.conf" + description: |- + Location of Nginx configuration file. + Needed only if different from default "/etx/nginx/nginx.conf" type: string env: - description: 'Env defines Nginx specific env vars. There are four - layers for env vars'' definitions and the precedence order is: - `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines Nginx specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -1168,15 +1200,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -1189,9 +1222,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1202,11 +1236,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -1221,10 +1253,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1254,9 +1285,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1278,19 +1310,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1306,8 +1343,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1316,19 +1354,20 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -1336,11 +1375,10 @@ spec: description: NodeJS defines configuration for nodejs auto-instrumentation. properties: env: - description: 'Env defines nodejs specific env vars. There are - four layers for env vars'' definitions and the precedence order - is: `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines nodejs specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -1350,15 +1388,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -1371,9 +1410,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1384,11 +1424,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -1403,10 +1441,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1436,9 +1473,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1460,19 +1498,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1488,8 +1531,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1498,26 +1542,28 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object propagators: - description: Propagators defines inter-process context propagation - configuration. Values in this list will be set in the OTEL_PROPAGATORS - env var. Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none + description: |- + Propagators defines inter-process context propagation configuration. + Values in this list will be set in the OTEL_PROPAGATORS env var. + Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none items: description: Propagator represents the propagation type. enum: @@ -1535,11 +1581,10 @@ spec: description: Python defines configuration for python auto-instrumentation. properties: env: - description: 'Env defines python specific env vars. There are - four layers for env vars'' definitions and the precedence order - is: `original container env vars` > `language specific env vars` - > `common env vars` > `instrument spec configs'' vars`. If the - former var had been defined, then the other vars would be ignored.' + description: |- + Env defines python specific env vars. There are four layers for env vars' definitions and + the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. + If the former var had been defined, then the other vars would be ignored. items: description: EnvVar represents an environment variable present in a Container. @@ -1549,15 +1594,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -1570,9 +1616,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -1583,11 +1630,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -1602,10 +1647,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1635,9 +1679,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -1659,19 +1704,24 @@ spec: description: Resources describes the compute resource requirements. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1687,8 +1737,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1697,19 +1748,20 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object volumeLimitSize: anyOf: - type: integer - type: string - description: VolumeSizeLimit defines size limit for volume used - for auto-instrumentation. The default size is 200Mi. + description: |- + VolumeSizeLimit defines size limit for volume used for auto-instrumentation. + The default size is 200Mi. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -1724,23 +1776,26 @@ spec: resourceAttributes: additionalProperties: type: string - description: 'Attributes defines attributes that are added to - the resource. For example environment: dev' + description: |- + Attributes defines attributes that are added to the resource. + For example environment: dev type: object type: object sampler: description: Sampler defines sampling configuration. properties: argument: - description: Argument defines sampler argument. The value depends - on the sampler type. For instance for parentbased_traceidratio - sampler type it is a number in range [0..1] e.g. 0.25. The value - will be set in the OTEL_TRACES_SAMPLER_ARG env var. + description: |- + Argument defines sampler argument. + The value depends on the sampler type. + For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. + The value will be set in the OTEL_TRACES_SAMPLER_ARG env var. type: string type: - description: Type defines sampler type. The value will be set - in the OTEL_TRACES_SAMPLER env var. The value can be for instance - parentbased_always_on, parentbased_always_off, parentbased_traceidratio... + description: |- + Type defines sampler type. + The value will be set in the OTEL_TRACES_SAMPLER env var. + The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio... enum: - always_on - always_off diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml index 076c9327d..f523ed2a4 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_neuronmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: neuronmonitors.cloudwatch.aws.amazon.com spec: group: cloudwatch.aws.amazon.com @@ -41,14 +41,19 @@ spec: description: NeuronMonitor is the Schema for the NeuronMonitor API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -63,22 +68,20 @@ spec: pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the @@ -88,30 +91,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -124,30 +123,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -169,50 +164,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -225,30 +216,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -270,16 +257,15 @@ spec: this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -290,37 +276,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -333,89 +315,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -428,40 +395,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -470,53 +434,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -528,84 +490,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -617,32 +569,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -656,16 +604,15 @@ spec: other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm @@ -676,37 +623,33 @@ spec: with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -719,89 +662,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -814,40 +742,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: @@ -856,53 +781,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -914,84 +837,74 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -1003,32 +916,28 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. Empty topologyKey is not allowed. type: string required: @@ -1044,22 +953,22 @@ spec: Exporter binary type: object command: - description: 'Entrypoint array. Not executed within a shell. The container - image''s ENTRYPOINT is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. If - a variable cannot be resolved, the reference in the input string - will be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell items: type: string type: array env: - description: ENV vars to set on the Neuron Monitor Exporter Pods. - These can then in certain cases be consumed in the config file for - the Collector. + description: |- + ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be + consumed in the config file for the Collector. items: description: EnvVar represents an environment variable present in a Container. @@ -1068,15 +977,16 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. Cannot @@ -1089,8 +999,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1101,10 +1013,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is @@ -1119,10 +1030,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1151,8 +1061,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1177,51 +1089,58 @@ spec: nodeSelector: additionalProperties: type: string - description: NodeSelector to schedule Neuron Monitor Exporter pods. - This is only relevant to daemonset, statefulset, and deployment - mode + description: |- + NodeSelector to schedule Neuron Monitor Exporter pods. + This is only relevant to daemonset, statefulset, and deployment mode type: object ports: - description: Ports allows a set of ports to be exposed by the underlying - v1.Service. By default, the operator will attempt to infer the required - ports by parsing the .Spec.Config property but this property can - be used to open additional ports that can't be inferred by the operator, - like for custom receivers. + description: |- + Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator + will attempt to infer the required ports by parsing the .Spec.Config property but this property can be + used to open additional ports that can't be inferred by the operator, like for custom receivers. items: description: ServicePort contains information on service's port. properties: appProtocol: - description: "The application protocol for this port. This is - used as a hint for implementations to offer richer behavior - for protocols that they understand. This field follows standard - Kubernetes label syntax. Valid values are either: \n * Un-prefixed - protocol names - reserved for IANA standard service names - (as per RFC-6335 and https://www.iana.org/assignments/service-names). - \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described - in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - \n * Other protocols should use implementation-defined prefixed - names such as mycompany.com/my-custom-protocol." + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. type: string name: - description: The name of this port within the service. This - must be a DNS_LABEL. All ports within a ServiceSpec must have - unique names. When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. Optional - if only one ServicePort is defined on this service. + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. type: string nodePort: - description: 'The port on each node on which this service is - exposed when type is NodePort or LoadBalancer. Usually assigned - by the system. If a value is specified, in-range, and not - in use it will be used, otherwise the operation will fail. If - not specified, a port will be allocated if this Service requires - one. If this field is specified when creating a Service which - does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport format: int32 type: integer port: @@ -1230,21 +1149,23 @@ spec: type: integer protocol: default: TCP - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. type: string targetPort: anyOf: - type: integer - type: string - description: 'Number or name of the port to access on the pods - targeted by the service. Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the target Pod''s - container ports. If this is not specified, the value of the - ''port'' field is used (an identity map). This field is ignored - for services with clusterIP=None, and should be omitted or - set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service x-kubernetes-int-or-string: true required: - port @@ -1255,18 +1176,24 @@ spec: description: Resources to set on the Neuron Monitor Exporter pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -1282,8 +1209,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -1292,33 +1220,42 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object securityContext: - description: "SecurityContext configures the container security context - for the amazon-cloudwatch-agent container. \n In deployment, daemonset, - or statefulset mode, this controls the security context settings - for the primary application container. \n In sidecar mode, this - controls the security context for the injected sidecar container." + description: |- + SecurityContext configures the container security context for + the amazon-cloudwatch-agent container. + + + In deployment, daemonset, or statefulset mode, this controls + the security context settings for the primary application + container. + + + In sidecar mode, this controls the security context for the + injected sidecar container. properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool - directly controls if the no_new_privs flag will be set on the - container process. AllowPrivilegeEscalation is true always when - the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name - is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1334,56 +1271,60 @@ spec: type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name - is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to use for - the containers. The default is DefaultProcMount which uses the - container runtime defaults for readonly paths and masked paths. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. + description: |- + The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name - is windows. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies to @@ -1403,68 +1344,111 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this container. If - seccomp options are provided at both the pod & container level, - the container options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: - description: ServiceAccount indicates the name of an existing service - account to use with this instance. When set, the operator will not - automatically create a ServiceAccount for the collector. + description: |- + ServiceAccount indicates the name of an existing service account to use with this instance. When set, + the operator will not automatically create a ServiceAccount for the collector. type: string + tolerations: + description: |- + Toleration to schedule Neuron Monitor Exporter pods. + This is only relevant to daemonset, statefulset, and deployment mode + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array volumeMounts: description: VolumeMounts represents the mount points to use in the underlying collector deployment(s) @@ -1473,32 +1457,36 @@ spec: a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1514,34 +1502,36 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore type: string required: - volumeID @@ -1563,10 +1553,10 @@ spec: storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: description: 'kind expected values are Shared: multiple @@ -1575,8 +1565,9 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean required: - diskName @@ -1587,8 +1578,9 @@ spec: on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretName: description: secretName is the name of secret that contains @@ -1606,8 +1598,9 @@ spec: shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it items: type: string type: array @@ -1616,61 +1609,72 @@ spec: rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md type: string required: - volumeID @@ -1680,27 +1684,25 @@ spec: this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -1708,22 +1710,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -1731,8 +1732,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -1746,41 +1749,43 @@ spec: feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. type: object required: - driver @@ -1790,16 +1795,15 @@ spec: that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: @@ -1826,15 +1830,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -1845,10 +1847,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -1875,73 +1876,94 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. properties: annotations: additionalProperties: @@ -1961,37 +1983,35 @@ spec: type: string type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -2007,45 +2027,36 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being @@ -2056,27 +2067,22 @@ spec: referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: limits: additionalProperties: @@ -2085,8 +2091,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -2095,12 +2102,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: @@ -2112,28 +2118,24 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2146,46 +2148,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this - claim. If specified, the CSI driver will create - or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This - has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not allowed - to reset this field to empty string once it is - set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim will - be set to a Pending state, as reflected by the - modifyVolumeStatus field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference @@ -2202,19 +2195,20 @@ spec: pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean targetWWNs: description: 'targetWWNs is Optional: FC target worldwide @@ -2223,26 +2217,27 @@ spec: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. properties: driver: description: driver is the name of the driver to use for this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -2251,20 +2246,23 @@ spec: command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2277,9 +2275,9 @@ spec: service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated type: string datasetUUID: description: datasetUUID is the UUID of the dataset. This @@ -2287,52 +2285,55 @@ spec: type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. type: string repository: description: repository is the URL @@ -2345,51 +2346,61 @@ spec: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md properties: chapAuthDiscovery: description: chapAuthDiscovery defines whether support iSCSI @@ -2400,56 +2411,59 @@ spec: Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. type: string iqn: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. type: boolean secretRef: description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -2457,43 +2471,51 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName @@ -2503,10 +2525,10 @@ spec: persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: description: pdID is the ID that identifies Photon Controller @@ -2520,14 +2542,15 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: volumeID uniquely identifies a Portworx volume @@ -2540,14 +2563,13 @@ spec: configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: @@ -2557,54 +2579,54 @@ spec: other supported volume types properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access - the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, gated - by the ClusterTrustBundleProjection feature gate. - \n ClusterTrustBundle objects can either be selected - by name, or by the combination of signer name and - a label selector. \n Kubelet performs aggressive - normalization of the PEM contents written into the - pod filesystem. Esoteric PEM features such as inter-block - comments and block headers are stripped. Certificates - are deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change the - order over time." + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. properties: labelSelector: - description: Select all ClusterTrustBundles that - match this label selector. Only has effect - if signerName is set. Mutually-exclusive with - name. If unset, interpreted as "match nothing". If - set but empty, interpreted as "match everything". + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -2617,37 +2639,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with signerName - and labelSelector. + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. type: string optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) aren't - available. If using name, then the named ClusterTrustBundle - is allowed not to exist. If using signerName, - then the combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. type: boolean path: description: Relative path from the volume root to write the bundle. type: string signerName: - description: Select all ClusterTrustBundles that - match this signer name. Mutually-exclusive with - name. The contents of all selected ClusterTrustBundles - will be unified and deduplicated. + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. type: string required: - path @@ -2657,17 +2677,14 @@ spec: data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -2676,25 +2693,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -2702,10 +2715,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -2744,17 +2757,13 @@ spec: type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: @@ -2766,10 +2775,9 @@ spec: with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. properties: containerName: description: 'Container name: required @@ -2802,17 +2810,14 @@ spec: to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. @@ -2821,25 +2826,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -2847,10 +2848,10 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -2863,29 +2864,26 @@ spec: the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. + description: |- + path is the path relative to the mount point of the file to project the + token into. type: string required: - path @@ -2898,28 +2896,30 @@ spec: that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group + description: |- + group to map volume access to + Default is no group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user + description: |- + user to map volume access to + Defaults to serivceaccount user type: string volume: description: volume is a string that references an already @@ -2930,54 +2930,68 @@ spec: - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string required: - image @@ -2988,9 +3002,11 @@ spec: attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string gateway: description: gateway is the host address of the ScaleIO @@ -3001,17 +3017,20 @@ spec: Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3020,8 +3039,8 @@ spec: with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: @@ -3033,9 +3052,9 @@ spec: configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. type: string required: - gateway @@ -3043,31 +3062,30 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3075,22 +3093,21 @@ spec: description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. type: string required: - key @@ -3102,8 +3119,9 @@ spec: its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret type: string type: object storageos: @@ -3111,40 +3129,42 @@ spec: and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: @@ -3152,10 +3172,10 @@ spec: and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: description: storagePolicyID is the storage Policy Based @@ -3186,35 +3206,38 @@ spec: Monitor Exporter. type: string messages: - description: 'Messages about actions performed by the operator on - this resource. Deprecated: use Kubernetes events instead.' + description: |- + Messages about actions performed by the operator on this resource. + Deprecated: use Kubernetes events instead. items: type: string type: array x-kubernetes-list-type: atomic replicas: - description: 'Replicas is currently not being set and might be removed - in the next version. Deprecated: use "NeuronMonitor.Status.Scale.Replicas" - instead.' + description: |- + Replicas is currently not being set and might be removed in the next version. + Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead. format: int32 type: integer scale: description: Scale is the NeuronMonitor's scale subresource status. properties: replicas: - description: The total number non-terminated pods targeted by - this AmazonCloudWatchAgent's deployment or statefulSet. + description: |- + The total number non-terminated pods targeted by this + AmazonCloudWatchAgent's deployment or statefulSet. format: int32 type: integer selector: - description: The selector used to match the AmazonCloudWatchAgent's + description: |- + The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods. type: string statusReplicas: - description: StatusReplicas is the number of pods targeted by - this AmazonCloudWatchAgent's with a Ready Condition / Total - number of non-terminated pods targeted by this AmazonCloudWatchAgent's - (their labels match the selector). Deployment, Daemonset, StatefulSet. + description: |- + StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / + Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). + Deployment, Daemonset, StatefulSet. type: string type: object version: diff --git a/docs/api.md b/docs/api.md index 5fa8eafb9..0402e3a10 100644 --- a/docs/api.md +++ b/docs/api.md @@ -315,13 +315,6 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
false - - targetAllocator - object - - TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not.
- - false terminationGracePeriodSeconds integer @@ -8956,2271 +8949,6 @@ The Windows specific settings applied to all containers. If unspecified, the opt -### AmazonCloudWatchAgent.spec.targetAllocator -[↩ Parent](#amazoncloudwatchagentspec) - - - -TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
affinityobject - If specified, indicates the pod's scheduling constraints
- 		false
allocationStrategyenum - AllocationStrategy determines which strategy the target allocator should use for allocation. The current options are least-weighted and consistent-hashing. The default option is least-weighted
-
- Enum: least-weighted, consistent-hashing
- 		false
enabledboolean - Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not.
- 		false
env[]object - ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be consumed in the config file for the TargetAllocator.
- 		false
filterStrategystring - FilterStrategy determines how to filter targets before allocating them among the collectors. The only current option is relabel-config (drops targets based on prom relabel_config).
- 		false
imagestring - Image indicates the container image to use for the OpenTelemetry TargetAllocator.
- 		false
nodeSelectormap[string]string - NodeSelector to schedule OpenTelemetry TargetAllocator pods.
- 		false
prometheusCRobject - PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval.
- 		false
replicasinteger - Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value other than 1 if a strategy that allows for high availability is chosen.
-
- Format: int32
- 		false
resourcesobject - Resources to set on the OpenTelemetryTargetAllocator containers.
- 		false
securityContextobject - SecurityContext configures the container security context for the targetallocator.
- 		false
serviceAccountstring - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the TargetAllocator.
- 		false
tolerations[]object - Toleration embedded kubernetes pod configuration option, controls how pods can be scheduled with matching taints
- 		false
topologySpreadConstraints[]object - TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined top
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -If specified, indicates the pod's scheduling constraints - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
nodeAffinityobject - Describes node affinity scheduling rules for the pod.
- 		false
podAffinityobject - Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
- 		false
podAntiAffinityobject - Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) - - - -Describes node affinity scheduling rules for the pod. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
- 		false
requiredDuringSchedulingIgnoredDuringExecutionobject - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) - - - -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferenceobject - A node selector term, associated with the corresponding weight.
- 		true
weightinteger - Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
- Format: int32
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -A node selector term, associated with the corresponding weight. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - A list of node selector requirements by node's labels.
- 		false
matchFields[]object - A list of node selector requirements by node's fields.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) - - - -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) - - - -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) - - - -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
nodeSelectorTerms[]object - Required. A list of node selector terms. The terms are ORed.
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecution) - - - -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - A list of node selector requirements by node's labels.
- 		false
matchFields[]object - A list of node selector requirements by node's fields.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) - - - -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) - - - -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) - - - -Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
- 		false
requiredDuringSchedulingIgnoredDuringExecution[]object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) - - - -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
podAffinityTermobject - Required. A pod affinity term, associated with the corresponding weight.
- 		true
weightinteger - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
- Format: int32
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -Required. A pod affinity term, associated with the corresponding weight. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over a set of resources, in this case pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) - - - -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-locate - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over a set of resources, in this case pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) - - - -Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
- 		false
requiredDuringSchedulingIgnoredDuringExecution[]object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) - - - -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
podAffinityTermobject - Required. A pod affinity term, associated with the corresponding weight.
- 		true
weightinteger - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
-
- Format: int32
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -Required. A pod affinity term, associated with the corresponding weight. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over a set of resources, in this case pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) - - - -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-locate - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over a set of resources, in this case pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -EnvVar represents an environment variable present in a Container. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name of the environment variable. Must be a C_IDENTIFIER.
- 		true
valuestring - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables.
- 		false
valueFromobject - Source for the environment variable's value. Cannot be used if value is not empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindex) - - - -Source for the environment variable's value. Cannot be used if value is not empty. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
configMapKeyRefobject - Selects a key of a ConfigMap.
- 		false
fieldRefobject - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.
- 		false
resourceFieldRefobject - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.
- 		false
secretKeyRefobject - Selects a key of a secret in the pod's namespace
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.configMapKeyRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a key of a ConfigMap. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The key to select.
- 		true
namestring - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
- 		false
optionalboolean - Specify whether the ConfigMap or its key must be defined
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.fieldRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
fieldPathstring - Path of the field to select in the specified API version.
- 		true
apiVersionstring - Version of the schema the FieldPath is written in terms of, defaults to "v1".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.resourceFieldRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
resourcestring - Required: resource to select
- 		true
containerNamestring - Container name: required for volumes, optional for env vars
- 		false
divisorint or string - Specifies the output format of the exposed resources, defaults to "1"
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.secretKeyRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a key of a secret in the pod's namespace - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The key of the secret to select from. Must be a valid secret key.
- 		true
namestring - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
- 		false
optionalboolean - Specify whether the Secret or its key must be defined
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.prometheusCR -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
enabledboolean - Enabled indicates whether to use a PrometheusOperator custom resources as targets or not.
- 		false
podMonitorSelectormap[string]string - PodMonitors to be selected for target discovery. This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a PodMonitor's meta labels.
- 		false
scrapeIntervalstring - Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. - Default: "30s"
-
- Format: duration
- Default: 30s
- 		false
serviceMonitorSelectormap[string]string - ServiceMonitors to be selected for target discovery. This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a ServiceMonitor's meta labels.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.resources -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -Resources to set on the OpenTelemetryTargetAllocator containers. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
claims[]object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
- 		false
limitsmap[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- 		false
requestsmap[string]int or string - Requests describes the minimum amount of compute resources required.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.resources.claims[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatorresources) - - - -ResourceClaim references one entry in PodSpec.ResourceClaims. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -SecurityContext configures the container security context for the targetallocator. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
fsGroupinteger - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1.
-
- Format: int64
- 		false
fsGroupChangePolicystring - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod.
- 		false
runAsGroupinteger - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.
-
- Format: int64
- 		false
runAsNonRootboolean - Indicates that the container must run as a non-root user.
- 		false
runAsUserinteger - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.
-
- Format: int64
- 		false
seLinuxOptionsobject - The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext.
- 		false
seccompProfileobject - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
- 		false
supplementalGroups[]integer - A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for th
- 		false
sysctls[]object - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.
- 		false
windowsOptionsobject - The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
levelstring - Level is SELinux level label that applies to the container.
- 		false
rolestring - Role is a SELinux role label that applies to the container.
- 		false
typestring - Type is a SELinux type label that applies to the container.
- 		false
userstring - User is a SELinux user label that applies to the container.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seccompProfile -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
typestring - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used.
- 		true
localhostProfilestring - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.sysctls[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -Sysctl defines a kernel parameter to be set - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name of a property to set
- 		true
valuestring - Value of a property to set
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.windowsOptions -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
gmsaCredentialSpecstring - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
- 		false
gmsaCredentialSpecNamestring - GMSACredentialSpecName is the name of the GMSA credential spec to use.
- 		false
hostProcessboolean - HostProcess determines if a container should be run as a 'Host Process' container.
- 		false
runAsUserNamestring - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.tolerations[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- 		false
keystring - Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- 		false
operatorstring - Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal.
- 		false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint.
-
- Format: int64
- 		false
valuestring - Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -TopologySpreadConstraint specifies how to spread matching pods among the given topology. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
maxSkewinteger - MaxSkew describes the degree to which pods may be unevenly distributed.
-
- Format: int32
- 		true
topologyKeystring - TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology.
- 		true
whenUnsatisfiablestring - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it.
- 		true
labelSelectorobject - LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated.
- 		false
minDomainsinteger - MinDomains indicates a minimum number of eligible domains.
-
- Format: int32
- 		false
nodeAffinityPolicystring - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew.
- 		false
nodeTaintsPolicystring - NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindex) - - - -LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
- 		false
- - ### AmazonCloudWatchAgent.spec.tolerations[index] [↩ Parent](#amazoncloudwatchagentspec) From 15a2e2b4de2cd90b5cc37cca0ec13a993157c0b2 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 18:21:23 -0400 Subject: [PATCH 08/99] Updated webhooks. --- apis/v1alpha1/collector_webhook.go | 26 ++++++++++++++++++++++ apis/v1alpha1/collector_webhook_test.go | 29 +++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 3ce5de731..0a1922727 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,6 +6,8 @@ package v1alpha1 import ( "context" "fmt" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" "github.com/go-logr/logr" autoscalingv2 "k8s.io/api/autoscaling/v2" @@ -87,6 +89,9 @@ func (c CollectorWebhook) defaulter(r *AmazonCloudWatchAgent) error { if r.Spec.Replicas == nil { r.Spec.Replicas = &one } + if r.Spec.TargetAllocator.Enabled && r.Spec.TargetAllocator.Replicas == nil { + r.Spec.TargetAllocator.Replicas = &one + } if r.Spec.MaxReplicas != nil || (r.Spec.Autoscaler != nil && r.Spec.Autoscaler.MaxReplicas != nil) { if r.Spec.Autoscaler == nil { @@ -163,6 +168,27 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'AdditionalContainers'", r.Spec.Mode) } + // validate target allocation + if r.Spec.TargetAllocator.Enabled && r.Spec.Mode != ModeStatefulSet { + return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the target allocation deployment", r.Spec.Mode) + } + + // validate Prometheus config for target allocation + if r.Spec.TargetAllocator.Enabled { + promCfg, err := ta.ConfigToPromConfig(r.Spec.Config) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + err = ta.ValidatePromConfig(promCfg, r.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + err = ta.ValidateTargetAllocatorConfig(r.Spec.TargetAllocator.PrometheusCR.Enabled, promCfg) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + } + // validator port config for _, p := range r.Spec.Ports { nameErrs := validation.IsValidPortName(p.Name) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index 55dc99932..5e24240cc 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -273,6 +273,7 @@ func TestOTELColDefaultingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), + config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() @@ -313,6 +314,9 @@ func TestOTELColValidatingWebhook(t *testing.T) { Replicas: &three, MaxReplicas: &five, UpgradeStrategy: "adhoc", + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, Config: `receivers: examplereceiver: endpoint: "0.0.0.0:12345" @@ -373,6 +377,30 @@ func TestOTELColValidatingWebhook(t *testing.T) { }, expectedErr: "does not support the attribute 'tolerations'", }, + { + name: "invalid mode with target allocator", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeDeployment, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "does not support the target allocation deployment", + }, + { + name: "invalid target allocator config", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeStatefulSet, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "the OpenTelemetry Spec Prometheus configuration is incorrect", + }, { name: "invalid port name", otelcol: AmazonCloudWatchAgent{ @@ -755,6 +783,7 @@ func TestOTELColValidatingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), + config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() From 2c7b788e60ac9ed4db9666e8c8c792e8686b2cf9 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 18:44:19 -0400 Subject: [PATCH 09/99] Updated config_replace.go to include allocator logic. --- .../manifests/collector/config_replace.go | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index e11d2e170..6d53447f6 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,6 +5,9 @@ package collector import ( "encoding/json" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. @@ -13,11 +16,55 @@ import ( ) func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { + // Check if TargetAllocator is enabled, if not, return the original config + if !instance.Spec.TargetAllocator.Enabled { + return instance.Spec.Config, nil + } + config, err := adapters.ConfigFromJSONString(instance.Spec.Config) if err != nil { return "", err } + promCfgMap, getCfgPromErr := ta.ConfigToPromConfig(instance.Spec.Config) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + validateCfgPromErr := ta.ValidatePromConfig(promCfgMap, instance.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) + if validateCfgPromErr != nil { + return "", validateCfgPromErr + } + + if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + // type coercion checks are handled in the AddTAConfigToPromConfig method above + config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap + + out, updCfgMarshalErr := json.Marshal(config) + if updCfgMarshalErr != nil { + return "", updCfgMarshalErr + } + + return string(out), nil + } + + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if err != nil { + return "", err + } + + // type coercion checks are handled in the ConfigToPromConfig method above + config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap + out, err := json.Marshal(config) if err != nil { return "", err From 4202faee69ab83e3ddc74c15b3c22627ef886576 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 18:52:27 -0400 Subject: [PATCH 10/99] Revert "Updated config_replace.go to include allocator logic." This reverts commit 2c7b788e60ac9ed4db9666e8c8c792e8686b2cf9. --- .../manifests/collector/config_replace.go | 47 ------------------- 1 file changed, 47 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 6d53447f6..e11d2e170 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,9 +5,6 @@ package collector import ( "encoding/json" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. @@ -16,55 +13,11 @@ import ( ) func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { - // Check if TargetAllocator is enabled, if not, return the original config - if !instance.Spec.TargetAllocator.Enabled { - return instance.Spec.Config, nil - } - config, err := adapters.ConfigFromJSONString(instance.Spec.Config) if err != nil { return "", err } - promCfgMap, getCfgPromErr := ta.ConfigToPromConfig(instance.Spec.Config) - if getCfgPromErr != nil { - return "", getCfgPromErr - } - - validateCfgPromErr := ta.ValidatePromConfig(promCfgMap, instance.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) - if validateCfgPromErr != nil { - return "", validateCfgPromErr - } - - if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) - if getCfgPromErr != nil { - return "", getCfgPromErr - } - - // type coercion checks are handled in the AddTAConfigToPromConfig method above - config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap - - out, updCfgMarshalErr := json.Marshal(config) - if updCfgMarshalErr != nil { - return "", updCfgMarshalErr - } - - return string(out), nil - } - - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) - if err != nil { - return "", err - } - - // type coercion checks are handled in the ConfigToPromConfig method above - config["receivers"].(map[interface{}]interface{})["prometheus"] = updPromCfgMap - out, err := json.Marshal(config) if err != nil { return "", err From ea3c937b1ec15c2c7f496636610225ef0dfb1f83 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 18:59:51 -0400 Subject: [PATCH 11/99] Updated doc and imports. --- apis/v1alpha1/collector_webhook.go | 1 + docs/api.md | 11087 ++++++++++++++++++++++----- 2 files changed, 9322 insertions(+), 1766 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 0a1922727..800758893 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,6 +6,7 @@ package v1alpha1 import ( "context" "fmt" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" diff --git a/docs/api.md b/docs/api.md index 0402e3a10..2756500c8 100644 --- a/docs/api.md +++ b/docs/api.md @@ -93,9 +93,20 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. additionalContainers []object - AdditionalContainers allows injecting additional containers into the Collector's pod definition. These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping metrics to their cloud, or in general sidecars that do not support automatic injection. This option only applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar deployment mode. More info about sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - Container names managed by the operator: * `otc-container` - Overriding containers managed by the operator is outside the scope of what the maintainers will support and by doing so, you wil accept the risk of it breaking things.
+ AdditionalContainers allows injecting additional containers into the Collector's pod definition. +These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping +metrics to their cloud, or in general sidecars that do not support automatic injection. This option only +applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar +deployment mode. More info about sidecars: +https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + + +Container names managed by the operator: +* `otc-container` + + +Overriding containers managed by the operator is outside the scope of what the maintainers will support and by +doing so, you wil accept the risk of it breaking things.
false @@ -116,7 +127,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. autoscaler object - Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload.
+ Autoscaler specifies the pod autoscaling configuration to use +for the AmazonCloudWatchAgent workload.
false @@ -130,21 +142,25 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. configmaps []object - ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent object, which shall be mounted into the Collector Pods. Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
+ ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent +object, which shall be mounted into the Collector Pods. +Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
false env []object - ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be +consumed in the config file for the Collector.
false envFrom []object - List of sources to populate environment variables on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
+ List of sources to populate environment variables on the OpenTelemetry Collector's Pods. +These can then in certain cases be consumed in the config file for the Collector.
false @@ -172,14 +188,20 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. ingress object - Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset.
+ Ingress is used to specify how OpenTelemetry Collector is exposed. This +functionality is only available if one of the valid modes is set. +Valid modes are: deployment, daemonset and statefulset.
false initContainers []object - InitContainers allows injecting initContainers to the Collector's pod definition. These init containers can be used to fetch secrets for injection into the configuration from external sources, run added checks, etc. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ InitContainers allows injecting initContainers to the Collector's pod definition. +These init containers can be used to fetch secrets for injection into the +configuration from external sources, run added checks, etc. Any errors during the execution of +an initContainer will lead to a restart of the Pod. More info: +https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
false @@ -193,14 +215,16 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. livenessProbe object - Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
+ Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. +It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
false managementState enum - ManagementState defines if the CR should be managed by the operator or not. Default is managed.
+ ManagementState defines if the CR should be managed by the operator or not. +Default is managed.

Enum: managed, unmanaged
Default: managed
@@ -210,7 +234,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. maxReplicas integer - MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.
+ MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. +Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.

Format: int32
@@ -219,7 +244,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. minReplicas integer - MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.
+ MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 +Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.

Format: int32
@@ -237,7 +263,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. nodeSelector map[string]string - NodeSelector to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule OpenTelemetry Collector pods. +This is only relevant to daemonset, statefulset, and deployment mode
false @@ -251,36 +278,46 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. podAnnotations map[string]string - PodAnnotations is the set of annotations that will be attached to Collector and Target Allocator pods.
+ PodAnnotations is the set of annotations that will be attached to +Collector and Target Allocator pods.
false podDisruptionBudget object - PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload.
+ PodDisruptionBudget specifies the pod disruption budget configuration to use +for the AmazonCloudWatchAgent workload.
false podSecurityContext object - PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
+ PodSecurityContext configures the pod security context for the +amazon-cloudwatch-agent pod, when running as a deployment, daemonset, +or statefulset. + + +In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
false ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
false priorityClassName string - If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
+ If specified, indicates the pod's priority. +If not specified, the pod priority will be default or zero if there is no +default.
false @@ -303,16 +340,32 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. securityContext object - SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
+ SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
false serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
+ + false + + targetAllocator + object + + TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not.
false @@ -328,21 +381,28 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. tolerations []object - Toleration to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
+ Toleration to schedule OpenTelemetry Collector pods. +This is only relevant to daemonset, statefulset, and deployment mode
false topologySpreadConstraints []object - TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ This is only relevant to statefulset, and deployment mode
+ TopologySpreadConstraints embedded kubernetes pod configuration option, +controls how pods are spread across your cluster among failure-domains +such as regions, zones, nodes, and other user-defined topology domains +https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +This is only relevant to statefulset, and deployment mode
false updateStrategy object - UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode.
+ UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods +https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec +This is only applicable to Daemonset mode.
false @@ -379,7 +439,9 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. workingDir string - WorkingDir represents Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ WorkingDir represents Container's working directory. If not specified, +the container runtime's default will be used, which might +be configured in the container image. Cannot be updated.
false @@ -406,77 +468,119 @@ A single application container that you want to run within a pod. name string - Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
true args []string - Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
false command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
false env []object - List of environment variables to set in the container. Cannot be updated.
+ List of environment variables to set in the container. +Cannot be updated.
false envFrom []object - List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
false image string - Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+ Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
false imagePullPolicy string - Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
false lifecycle object - Actions that the management system should take in response to container lifecycle events. Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
false livenessProbe object - Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false ports []object - List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
false readinessProbe object - Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false @@ -490,63 +594,108 @@ A single application container that you want to run within a pod. resources object - Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
false securityContext object - SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
false startupProbe object - StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
false stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
false terminationMessagePath string - Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+ Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
false terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
false tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
false @@ -560,14 +709,18 @@ A single application container that you want to run within a pod. volumeMounts []object - Pod volumes to mount into the container's filesystem. Cannot be updated.
+ Pod volumes to mount into the container's filesystem. +Cannot be updated.
false workingDir string - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
false @@ -601,7 +754,15 @@ EnvVar represents an environment variable present in a Container. value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
false @@ -642,14 +803,16 @@ Source for the environment variable's value. Cannot be used if value is not empt fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
false resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
false @@ -690,7 +853,9 @@ Selects a key of a ConfigMap. name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false @@ -709,7 +874,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. @@ -743,7 +909,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -806,7 +973,9 @@ Selects a key of a secret in the pod's namespace @@ -881,7 +1050,9 @@ The ConfigMap to select from @@ -915,7 +1086,9 @@ The Secret to select from @@ -934,7 +1107,8 @@ The Secret to select from -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -949,14 +1123,25 @@ Actions that the management system should take in response to container lifecycl @@ -968,7 +1153,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -1004,7 +1192,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -1031,7 +1221,11 @@ Exec specifies the action to take. @@ -1058,14 +1252,17 @@ HTTPGet specifies the http request to perform. @@ -1086,7 +1283,8 @@ HTTPGet specifies the http request to perform. @@ -1113,7 +1311,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1161,7 +1360,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1176,7 +1377,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -1195,7 +1398,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -1231,7 +1442,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -1258,7 +1471,11 @@ Exec specifies the action to take. @@ -1285,14 +1502,17 @@ HTTPGet specifies the http request to perform. @@ -1313,7 +1533,8 @@ HTTPGet specifies the http request to perform. @@ -1340,7 +1561,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1388,7 +1610,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1403,7 +1627,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -1422,7 +1648,10 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -1444,7 +1673,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1467,7 +1697,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1476,7 +1707,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1485,7 +1717,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1501,7 +1734,16 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1510,7 +1752,9 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1539,7 +1783,11 @@ Exec specifies the action to take. @@ -1575,8 +1823,11 @@ GRPC specifies an action involving a GRPC port. @@ -1603,14 +1854,17 @@ HTTPGet specifies the http request to perform. @@ -1631,7 +1885,8 @@ HTTPGet specifies the http request to perform. @@ -1658,7 +1913,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1692,7 +1948,9 @@ TCPSocket specifies an action involving a TCP port. @@ -1726,7 +1984,8 @@ ContainerPort represents a network port in a single container. @@ -1742,7 +2001,10 @@ ContainerPort represents a network port in a single container. @@ -1751,14 +2013,17 @@ ContainerPort represents a network port in a single container. @@ -1772,7 +2037,10 @@ ContainerPort represents a network port in a single container. -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+ Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".

Default: TCP
@@ -1794,7 +2062,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1817,7 +2086,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1826,7 +2096,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1835,7 +2106,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1851,7 +2123,16 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1860,7 +2141,9 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1889,7 +2172,11 @@ Exec specifies the action to take. @@ -1925,8 +2212,11 @@ GRPC specifies an action involving a GRPC port. @@ -1953,14 +2243,17 @@ HTTPGet specifies the http request to perform. @@ -1981,7 +2274,8 @@ HTTPGet specifies the http request to perform. @@ -2008,7 +2302,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -2042,7 +2337,9 @@ TCPSocket specifies an action involving a TCP port. @@ -2076,14 +2373,16 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -2095,7 +2394,9 @@ ContainerResizePolicy represents resource resize policy for the container. -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
 true
@@ -2110,23 +2411,33 @@ Compute Resources required by this container. Cannot be updated. More info: http @@ -2153,7 +2464,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2165,7 +2478,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -2180,42 +2495,63 @@ SecurityContext defines the security options the container should be run with. I @@ -2224,14 +2560,23 @@ SecurityContext defines the security options the container should be run with. I @@ -2240,21 +2585,31 @@ SecurityContext defines the security options the container should be run with. I @@ -2266,7 +2621,9 @@ SecurityContext defines the security options the container should be run with. I -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -2300,7 +2657,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -2348,7 +2709,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -2363,15 +2727,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -2383,7 +2755,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -2398,7 +2773,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -2412,14 +2789,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -2431,7 +2814,13 @@ The Windows specific settings applied to all containers. If unspecified, the opt -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
@@ -2453,7 +2842,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2476,7 +2866,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2485,7 +2876,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2494,7 +2886,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2510,7 +2903,16 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2519,7 +2921,9 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2548,7 +2952,11 @@ Exec specifies the action to take. @@ -2584,8 +2992,11 @@ GRPC specifies an action involving a GRPC port. @@ -2612,14 +3023,17 @@ HTTPGet specifies the http request to perform. @@ -2640,7 +3054,8 @@ HTTPGet specifies the http request to perform. @@ -2667,7 +3082,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -2701,7 +3117,9 @@ TCPSocket specifies an action involving a TCP port. @@ -2769,7 +3187,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -2783,28 +3202,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -2872,14 +3299,26 @@ Describes node affinity scheduling rules for the pod. @@ -2891,7 +3330,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -2961,7 +3401,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -2983,14 +3424,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3002,7 +3448,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3024,14 +3471,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3043,7 +3495,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3070,7 +3526,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -3104,7 +3562,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -3126,14 +3585,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3145,7 +3609,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3167,14 +3632,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3201,14 +3671,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -3242,7 +3726,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -3271,42 +3756,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -3318,7 +3831,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3340,7 +3854,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3352,7 +3868,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3374,14 +3891,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3393,7 +3914,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3415,7 +3940,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3427,7 +3954,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3449,14 +3977,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3468,7 +4000,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3483,42 +4020,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -3530,7 +4095,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3552,7 +4118,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3564,7 +4132,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3586,14 +4155,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3605,7 +4178,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3627,7 +4204,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3639,7 +4218,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3661,14 +4241,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3695,14 +4279,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -3736,7 +4334,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -3765,42 +4364,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -3812,7 +4439,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3834,7 +4462,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3846,7 +4476,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3868,14 +4499,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3887,7 +4522,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3909,7 +4548,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3921,7 +4562,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3943,14 +4585,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3962,7 +4608,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3977,42 +4628,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -4024,7 +4703,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -4046,7 +4726,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -4058,7 +4740,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4080,14 +4763,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4099,7 +4786,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -4121,7 +4812,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -4133,7 +4826,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4155,14 +4849,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4174,7 +4872,8 @@ A label selector requirement is a selector that contains values, a key, and an o -Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload. +Autoscaler specifies the pod autoscaling configuration to use +for the AmazonCloudWatchAgent workload.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -4189,7 +4888,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4205,7 +4905,9 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4221,7 +4923,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4244,7 +4947,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou -HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). +HorizontalPodAutoscalerBehavior configures the scaling behavior of the target +in both Up and Down directions (scaleUp and scaleDown fields respectively).
behavior object - HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
+ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target +in both Up and Down directions (scaleUp and scaleDown fields respectively).
 false
metrics []object - Metrics is meant to provide a customizable way to configure HPA metrics. currently the only supported custom metrics is type=Pod. Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
+ Metrics is meant to provide a customizable way to configure HPA metrics. +currently the only supported custom metrics is type=Pod. +Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
 false
targetCPUUtilization integer - TargetCPUUtilization sets the target average CPU used across all replicas. If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.
+ TargetCPUUtilization sets the target average CPU used across all replicas. +If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.

Format: int32
@@ -4259,14 +4963,21 @@ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in @@ -4278,7 +4989,10 @@ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in -scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used). +scaleDown is scaling policy for scaling Down. +If not set, the default value is to allow to scale down to minReplicas pods, with a +300 second stabilization window (i.e., the highest recommendation for +the last 300sec is used).
scaleDown object - scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used).
+ scaleDown is scaling policy for scaling Down. +If not set, the default value is to allow to scale down to minReplicas pods, with a +300 second stabilization window (i.e., the highest recommendation for +the last 300sec is used).
 false
scaleUp object - scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used.
+ scaleUp is scaling policy for scaling Up. +If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds +No stabilization is used.
 false
@@ -4293,21 +5007,28 @@ scaleDown is scaling policy for scaling Down. If not set, the default value is t @@ -4336,7 +5057,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4352,7 +5074,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4366,7 +5089,11 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in -scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used. +scaleUp is scaling policy for scaling Up. +If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds +No stabilization is used.
policies []object - policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. +At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. +If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be +considered while scaling up or scaling down. +StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). +If not set, use the default values: +- For scale up: 0 (i.e. no stabilization is done). +- For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. +PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. It must be greater than zero
+ value contains the amount of change which is permitted by the policy. +It must be greater than zero

Format: int32
@@ -4381,21 +5108,28 @@ scaleUp is scaling policy for scaling Up. If not set, the default value is the h @@ -4424,7 +5158,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4440,7 +5175,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4454,7 +5190,9 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in -MetricSpec defines a subset of metrics to be defined for the HPA's metric array more metric type can be supported as needed. See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference. +MetricSpec defines a subset of metrics to be defined for the HPA's metric array +more metric type can be supported as needed. +See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference.
policies []object - policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. +At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. +If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be +considered while scaling up or scaling down. +StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). +If not set, use the default values: +- For scale up: 0 (i.e. no stabilization is done). +- For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. +PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. It must be greater than zero
+ value contains the amount of change which is permitted by the policy. +It must be greater than zero

Format: int32
@@ -4476,7 +5214,10 @@ MetricSpec defines a subset of metrics to be defined for the HPA's metric array @@ -4488,7 +5229,10 @@ MetricSpec defines a subset of metrics to be defined for the HPA's metric array -PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value. +PodsMetricSource indicates how to scale on a metric describing each pod in +the current scale target (for example, transactions-processed-per-second). +The values will be averaged together before being compared to the target +value.
pods object - PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+ PodsMetricSource indicates how to scale on a metric describing each pod in +the current scale target (for example, transactions-processed-per-second). +The values will be averaged together before being compared to the target +value.
 false
@@ -4544,7 +5288,9 @@ metric identifies the target metric by name and selector @@ -4556,7 +5302,9 @@ metric identifies the target metric by name and selector -selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics. +selector is the string-encoded form of a standard kubernetes label selector for the given metric +When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. +When unset, just the metricName will be used to gather metrics.
selector object - selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric +When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. +When unset, just the metricName will be used to gather metrics.
 false
@@ -4578,7 +5326,9 @@ selector is the string-encoded form of a standard kubernetes label selector for @@ -4590,7 +5340,8 @@ selector is the string-encoded form of a standard kubernetes label selector for -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4612,14 +5363,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4653,7 +5408,10 @@ target specifies the target value for the given metric @@ -4662,7 +5420,8 @@ target specifies the target value for the given metric @@ -4737,7 +5496,15 @@ EnvVar represents an environment variable present in a Container. @@ -4778,14 +5545,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -4826,7 +5595,9 @@ Selects a key of a ConfigMap. @@ -4845,7 +5616,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
averageUtilization integer - averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+ averageUtilization is the target value of the average of the +resource metric across all relevant pods, represented as a percentage of +the requested value of the resource for the pods. +Currently only valid for Resource metric source type

Format: int32
averageValue int or string - averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+ averageValue is the target value of the average of the +metric across all relevant pods (as a quantity)
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -4879,7 +5651,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -4942,7 +5715,9 @@ Selects a key of a secret in the pod's namespace @@ -5017,7 +5792,9 @@ The ConfigMap to select from @@ -5051,7 +5828,9 @@ The Secret to select from @@ -5070,7 +5849,9 @@ The Secret to select from -Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset. +Ingress is used to specify how OpenTelemetry Collector is exposed. This +functionality is only available if one of the valid modes is set. +Valid modes are: deployment, daemonset and statefulset.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5085,7 +5866,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5099,21 +5881,27 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5129,7 +5917,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5143,7 +5932,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function -Route is an OpenShift specific section that is only considered when type "route" is used. +Route is an OpenShift specific section that is only considered when +type "route" is used.
annotations map[string]string - Annotations to add to ingress. e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
+ Annotations to add to ingress. +e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
 false
ingressClassName string - IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource.
+ IngressClassName is the name of an IngressClass cluster resource. Ingress +controller implementations use this field to know whether they should be +serving this Ingress resource.
 false
route object - Route is an OpenShift specific section that is only considered when type "route" is used.
+ Route is an OpenShift specific section that is only considered when +type "route" is used.
 false
ruleType enum - RuleType defines how Ingress exposes collector receivers. IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. Default is IngressRuleTypePath ("path").
+ RuleType defines how Ingress exposes collector receivers. +IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. +IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. +Default is IngressRuleTypePath ("path").

Enum: path, subdomain
type enum - Type default value is: "" Supported types are: ingress, route
+ Type default value is: "" +Supported types are: ingress, route

Enum: ingress, route
@@ -5187,14 +5977,21 @@ IngressTLS describes the transport layer security associated with an ingress. @@ -5221,77 +6018,119 @@ A single application container that you want to run within a pod. @@ -5305,63 +6144,108 @@ A single application container that you want to run within a pod. @@ -5375,14 +6259,18 @@ A single application container that you want to run within a pod. @@ -5416,7 +6304,15 @@ EnvVar represents an environment variable present in a Container. @@ -5457,14 +6353,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -5505,7 +6403,9 @@ Selects a key of a ConfigMap. @@ -5524,7 +6424,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
hosts []string - hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+ hosts is a list of hosts included in the TLS certificate. The values in +this list must match the name/s used in the tlsSecret. Defaults to the +wildcard host setting for the loadbalancer controller fulfilling this +Ingress, if left unspecified.
 false
secretName string - secretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the "Host" header is used for routing.
+ secretName is the name of the secret used to terminate TLS traffic on +port 443. Field is left optional to allow TLS routing based on SNI +hostname alone. If the SNI host in a listener conflicts with the "Host" +header field used by an IngressRule, the SNI host is used for termination +and value of the "Host" header is used for routing.
 false
name string - Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
 true
args []string - Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - List of environment variables to set in the container. Cannot be updated.
+ List of environment variables to set in the container. +Cannot be updated.
 false
envFrom []object - List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
 false
image string - Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+ Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
 false
imagePullPolicy string - Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
 false
lifecycle object - Actions that the management system should take in response to container lifecycle events. Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
 false
livenessProbe object - Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
ports []object - List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
 false
readinessProbe object - Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
resources object - Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
 false
securityContext object - SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 false
startupProbe object - StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
 false
stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
 false
terminationMessagePath string - Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+ Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
 false
terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
 false
tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
 false
volumeMounts []object - Pod volumes to mount into the container's filesystem. Cannot be updated.
+ Pod volumes to mount into the container's filesystem. +Cannot be updated.
 false
workingDir string - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5558,7 +6459,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -5621,7 +6523,9 @@ Selects a key of a secret in the pod's namespace @@ -5696,7 +6600,9 @@ The ConfigMap to select from @@ -5730,7 +6636,9 @@ The Secret to select from @@ -5749,7 +6657,8 @@ The Secret to select from -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5764,14 +6673,25 @@ Actions that the management system should take in response to container lifecycl @@ -5783,7 +6703,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -5819,7 +6742,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -5846,7 +6771,11 @@ Exec specifies the action to take. @@ -5873,14 +6802,17 @@ HTTPGet specifies the http request to perform. @@ -5901,7 +6833,8 @@ HTTPGet specifies the http request to perform. @@ -5928,7 +6861,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -5976,7 +6910,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -5991,7 +6927,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -6010,7 +6948,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -6046,7 +6992,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -6073,7 +7021,11 @@ Exec specifies the action to take. @@ -6100,14 +7052,17 @@ HTTPGet specifies the http request to perform. @@ -6128,7 +7083,8 @@ HTTPGet specifies the http request to perform. @@ -6155,7 +7111,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6203,7 +7160,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -6218,7 +7177,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -6237,7 +7198,10 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -6259,7 +7223,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6282,7 +7247,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6291,7 +7257,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6300,7 +7267,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6316,7 +7284,16 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6325,7 +7302,9 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6354,7 +7333,11 @@ Exec specifies the action to take. @@ -6390,8 +7373,11 @@ GRPC specifies an action involving a GRPC port. @@ -6418,14 +7404,17 @@ HTTPGet specifies the http request to perform. @@ -6446,7 +7435,8 @@ HTTPGet specifies the http request to perform. @@ -6473,7 +7463,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6507,7 +7498,9 @@ TCPSocket specifies an action involving a TCP port. @@ -6541,7 +7534,8 @@ ContainerPort represents a network port in a single container. @@ -6557,7 +7551,10 @@ ContainerPort represents a network port in a single container. @@ -6566,14 +7563,17 @@ ContainerPort represents a network port in a single container. @@ -6587,7 +7587,10 @@ ContainerPort represents a network port in a single container. -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+ Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".

Default: TCP
@@ -6609,7 +7612,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6632,7 +7636,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6641,7 +7646,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6650,7 +7656,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6666,7 +7673,16 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6675,7 +7691,9 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6704,7 +7722,11 @@ Exec specifies the action to take. @@ -6740,8 +7762,11 @@ GRPC specifies an action involving a GRPC port. @@ -6768,14 +7793,17 @@ HTTPGet specifies the http request to perform. @@ -6796,7 +7824,8 @@ HTTPGet specifies the http request to perform. @@ -6823,7 +7852,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6857,7 +7887,9 @@ TCPSocket specifies an action involving a TCP port. @@ -6891,14 +7923,16 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -6910,7 +7944,9 @@ ContainerResizePolicy represents resource resize policy for the container. -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
 true
@@ -6925,23 +7961,33 @@ Compute Resources required by this container. Cannot be updated. More info: http @@ -6968,7 +8014,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6980,7 +8028,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -6995,42 +8045,63 @@ SecurityContext defines the security options the container should be run with. I @@ -7039,14 +8110,23 @@ SecurityContext defines the security options the container should be run with. I @@ -7055,21 +8135,31 @@ SecurityContext defines the security options the container should be run with. I @@ -7081,7 +8171,9 @@ SecurityContext defines the security options the container should be run with. I -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -7115,7 +8207,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -7163,7 +8259,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -7178,15 +8277,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -7198,7 +8305,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -7213,7 +8323,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -7227,14 +8339,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -7246,7 +8364,13 @@ The Windows specific settings applied to all containers. If unspecified, the opt -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
@@ -7268,7 +8392,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7291,7 +8416,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7300,7 +8426,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7309,7 +8436,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7325,7 +8453,16 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7334,7 +8471,9 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7363,7 +8502,11 @@ Exec specifies the action to take. @@ -7399,8 +8542,11 @@ GRPC specifies an action involving a GRPC port. @@ -7427,14 +8573,17 @@ HTTPGet specifies the http request to perform. @@ -7455,7 +8604,8 @@ HTTPGet specifies the http request to perform. @@ -7482,7 +8632,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7516,7 +8667,9 @@ TCPSocket specifies an action involving a TCP port. @@ -7584,7 +8737,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -7598,28 +8752,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -7646,14 +8808,25 @@ Actions that the management system should take in response to container lifecycl @@ -7665,7 +8838,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -7701,7 +8877,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -7728,7 +8906,11 @@ Exec specifies the action to take. @@ -7755,14 +8937,17 @@ HTTPGet specifies the http request to perform. @@ -7783,7 +8968,8 @@ HTTPGet specifies the http request to perform. @@ -7810,7 +8996,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7858,7 +9045,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -7873,7 +9062,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -7892,7 +9083,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -7928,7 +9127,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -7955,7 +9156,11 @@ Exec specifies the action to take. @@ -7982,14 +9187,17 @@ HTTPGet specifies the http request to perform. @@ -8010,7 +9218,8 @@ HTTPGet specifies the http request to perform. @@ -8037,7 +9246,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -8085,7 +9295,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -8100,7 +9312,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -8119,7 +9333,8 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline. +Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. +It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -8134,7 +9349,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8143,7 +9359,9 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8152,7 +9370,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8161,7 +9380,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8170,7 +9390,16 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8179,7 +9408,9 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8235,7 +9466,8 @@ Metrics defines the metrics configuration for operands. @@ -8247,7 +9479,8 @@ Metrics defines the metrics configuration for operands. -PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload. +PodDisruptionBudget specifies the pod disruption budget configuration to use +for the AmazonCloudWatchAgent workload.
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. Defaults to 0 seconds. Minimum value is 0. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +Defaults to 0 seconds. Minimum value is 0. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
enableMetrics boolean - EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. The operator.observability.prometheus feature gate must be enabled to use this feature.
+ EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. +The operator.observability.prometheus feature gate must be enabled to use this feature.
 false
@@ -8262,14 +9495,20 @@ PodDisruptionBudget specifies the pod disruption budget configuration to use for @@ -8281,8 +9520,12 @@ PodDisruptionBudget specifies the pod disruption budget configuration to use for -PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. +PodSecurityContext configures the pod security context for the +amazon-cloudwatch-agent pod, when running as a deployment, daemonset, +or statefulset. + + +In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
maxUnavailable int or string - An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ An eviction is allowed if at most "maxUnavailable" pods selected by +"selector" are unavailable after the eviction, i.e. even in absence of +the evicted pod. For example, one can prevent all voluntary evictions +by specifying 0. This is a mutually exclusive setting with "minAvailable".
 false
minAvailable int or string - An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
+ An eviction is allowed if at least "minAvailable" pods selected by +"selector" will still be available after the eviction, i.e. even in the +absence of the evicted pod. So for example you can prevent all voluntary +evictions by specifying "100%".
 false
@@ -8297,9 +9540,18 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8308,14 +9560,25 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8324,14 +9587,24 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8340,35 +9613,52 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8380,7 +9670,12 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch -The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
fsGroup integer - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+ A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
fsGroupChangePolicy string - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
 false
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows.
 false
sysctls []object - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -8428,7 +9723,8 @@ The SELinux context to be applied to all containers. If unspecified, the contain -The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
@@ -8443,15 +9739,23 @@ The seccomp options to use by the containers in this pod. Note that this field c @@ -8497,7 +9801,10 @@ Sysctl defines a kernel parameter to be set -The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -8512,7 +9819,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8526,14 +9835,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8569,24 +9884,50 @@ ServicePort contains information on service's port. @@ -8595,7 +9936,8 @@ ServicePort contains information on service's port. @@ -8604,7 +9946,14 @@ ServicePort contains information on service's port. @@ -8631,23 +9980,33 @@ Resources to set on the OpenTelemetry Collector pods. @@ -8674,7 +10033,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -8686,9 +10047,17 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. +SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -8703,42 +10072,63 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8747,14 +10137,23 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8763,21 +10162,31 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8789,7 +10198,9 @@ SecurityContext configures the container security context for the amazon-cloudwa -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -8823,7 +10234,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -8871,7 +10286,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -8886,15 +10304,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -8906,7 +10332,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -8921,7 +10350,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8935,26 +10366,32 @@ The Windows specific settings applied to all containers. If unspecified, the opt
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
-### AmazonCloudWatchAgent.spec.tolerations[index] +### AmazonCloudWatchAgent.spec.targetAllocator [↩ Parent](#amazoncloudwatchagentspec) -The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. @@ -8966,137 +10403,130 @@ The pod this Toleration is attached to tolerates any taint that matches the trip - - + + - - + + - - + + - - + + - + - -
effectstringaffinityobject - Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ If specified, indicates the pod's scheduling constraints
 false
keystringallocationStrategyenum - Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ AllocationStrategy determines which strategy the target allocator should use for allocation. +The current options are least-weighted and consistent-hashing. The default option is least-weighted
+
+ Enum: least-weighted, consistent-hashing
 false
operatorstringenabledboolean - Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not.
 false
tolerationSecondsintegerenv[]object - TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
+ ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be +consumed in the config file for the TargetAllocator.
 false
valuefilterStrategy string - Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ FilterStrategy determines how to filter targets before allocating them among the collectors. +The only current option is relabel-config (drops targets based on prom relabel_config). +Filtering is disabled by default.
 false
- - -### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] -[↩ Parent](#amazoncloudwatchagentspec) - - - -TopologySpreadConstraint specifies how to spread matching pods among the given topology. - - - - - - - - - - - - - - - - + - + - - + + - + - + - - + + - - + + - - + + - + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger - MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-
- Format: int32
- 		true
topologyKeyimage string - TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+ Image indicates the container image to use for the OpenTelemetry TargetAllocator.
truefalse
whenUnsatisfiablestringnodeSelectormap[string]string - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+ NodeSelector to schedule OpenTelemetry TargetAllocator pods.
truefalse
labelSelectorprometheusCR object - LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+ PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. +All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces.
 false
matchLabelKeys[]stringreplicasinteger - MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value +other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy +that can be run in a high availability mode is consistent-hashing.
+
+ Format: int32
 false
minDomainsintegerresourcesobject - MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
- Format: int32
+ Resources to set on the OpenTelemetryTargetAllocator containers.
 false
nodeAffinityPolicystringsecurityContextobject - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ SecurityContext configures the container security context for +the targetallocator.
 false
nodeTaintsPolicyserviceAccount string - NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the TargetAllocator.
+ 		false
tolerations[]object + Toleration embedded kubernetes pod configuration option, +controls how pods can be scheduled with matching taints
+ 		false
topologySpreadConstraints[]object + TopologySpreadConstraints embedded kubernetes pod configuration option, +controls how pods are spread across your cluster among failure-domains +such as regions, zones, nodes, and other user-defined topology domains +https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 false
-### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity +[↩ Parent](#amazoncloudwatchagentspectargetallocator) -LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +If specified, indicates the pod's scheduling constraints @@ -9108,29 +10538,36 @@ LabelSelector is used to find matching pods. Pods that match this label selector - - + + - - + + + + + + +
matchExpressions[]objectnodeAffinityobject - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ Describes node affinity scheduling rules for the pod.
 false
matchLabelsmap[string]stringpodAffinityobject + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ 		false
podAntiAffinityobject - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
 false
-### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +Describes node affinity scheduling rules for the pod. @@ -9142,36 +10579,42 @@ A label selector requirement is a selector that contains values, a key, and an o - - - - - - - + + - + - - + +
keystring - key is the label key that the selector applies to.
- 		true
operatorstringpreferredDuringSchedulingIgnoredDuringExecution[]object - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
truefalse
values[]stringrequiredDuringSchedulingIgnoredDuringExecutionobject - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
-### AmazonCloudWatchAgent.spec.updateStrategy -[↩ Parent](#amazoncloudwatchagentspec) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) -UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode. +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). @@ -9183,29 +10626,31 @@ UpdateStrategy represents the strategy the operator will take replacing existing - + - + - - + + - +
rollingUpdatepreference object - Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345
+ A node selector term, associated with the corresponding weight.
falsetrue
typestringweightinteger - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+ Format: int32
falsetrue
-### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate -[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) -Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345 +A node selector term, associated with the corresponding weight. @@ -9217,29 +10662,30 @@ Rolling update config params. Present only if type = "RollingUpdate". --- TODO: - - + + - - + +
maxSurgeint or stringmatchExpressions[]object - The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.
+ A list of node selector requirements by node's labels.
 false
maxUnavailableint or stringmatchFields[]object - The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+ A list of node selector requirements by node's fields.
 false
-### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] -[↩ Parent](#amazoncloudwatchagentspec) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) -PersistentVolumeClaim is a user's request for and claim to a persistent volume +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. @@ -9251,50 +10697,42 @@ PersistentVolumeClaim is a user's request for and claim to a persistent volume - + - + - + - - - - - - - - - - - + - - + +
apiVersionkey string - APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ The label key that the selector applies to.
falsetrue
kindoperator string - Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- 		false
metadataobject - Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- 		false
specobject - spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
falsetrue
statusobjectvalues[]string - status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
-### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata -[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) -Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. @@ -9306,17 +10744,2998 @@ Standard object's metadata. More info: https://git.k8s.io/community/contributors - - + + - + - - + + + + + + + + + +
annotationsmap[string]stringkeystring -
+ The label key that the selector applies to.
falsetrue
finalizers[]stringoperatorstring -
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) + + + +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
nodeSelectorTerms[]object + Required. A list of node selector terms. The terms are ORed.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecution) + + + +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + A list of node selector requirements by node's labels.
+ 		false
matchFields[]object + A list of node selector requirements by node's fields.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+ 		true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+ 		false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+ 		false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ 		false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ 		false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.configMapKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+ 		true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.fieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+ 		true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.resourceFieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+ 		true
containerNamestring + Container name: required for volumes, optional for env vars
+ 		false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.secretKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+ 		true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the Secret or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.prometheusCR +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. +All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether to use a PrometheusOperator custom resources as targets or not.
+ 		false
podMonitorSelectormap[string]string + PodMonitors to be selected for target discovery. +This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a +PodMonitor's meta labels. The requirements are ANDed.
+ 		false
scrapeIntervalstring + Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + + +Default: "30s"
+
+ Format: duration
+ Default: 30s
+ 		false
serviceMonitorSelectormap[string]string + ServiceMonitors to be selected for target discovery. +This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a +ServiceMonitor's meta labels. The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +Resources to set on the OpenTelemetryTargetAllocator containers. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+ 		false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ 		false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources.claims[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +SecurityContext configures the container security context for +the targetallocator. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsGroupinteger + A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
fsGroupChangePolicystring + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
runAsGroupinteger + The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
runAsNonRootboolean + Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
runAsUserinteger + The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
seLinuxOptionsobject + The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
seccompProfileobject + The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
supplementalGroups[]integer + A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
sysctls[]object + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
windowsOptionsobject + The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
levelstring + Level is SELinux level label that applies to the container.
+ 		false
rolestring + Role is a SELinux role label that applies to the container.
+ 		false
typestring + Type is a SELinux type label that applies to the container.
+ 		false
userstring + User is a SELinux user label that applies to the container.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seccompProfile +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
+ 		true
localhostProfilestring + localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.sysctls[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +Sysctl defines a kernel parameter to be set + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of a property to set
+ 		true
valuestring + Value of a property to set
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.windowsOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gmsaCredentialSpecstring + GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
+ 		false
gmsaCredentialSpecNamestring + GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ 		false
hostProcessboolean + HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
+ 		false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.tolerations[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +| zone1 | zone2 | zone3 | +| P P | P P | P | +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
+ 		true
topologyKeystring + TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field.
+ 		true
whenUnsatisfiablestring + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +| zone1 | zone2 | zone3 | +| P P P | P | P | +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field.
+ 		true
labelSelectorobject + LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ 		false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +| zone1 | zone2 | zone3 | +| P P | P P | P P | +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. + + +This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
+ 		false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindex) + + + +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.tolerations[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +| zone1 | zone2 | zone3 | +| P P | P P | P | +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
+ 		true
topologyKeystring + TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field.
+ 		true
whenUnsatisfiablestring + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +| zone1 | zone2 | zone3 | +| P P P | P | P | +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field.
+ 		true
labelSelectorobject + LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ 		false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +| zone1 | zone2 | zone3 | +| P P | P P | P P | +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. + + +This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
+ 		false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) + + + +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.updateStrategy +[↩ Parent](#amazoncloudwatchagentspec) + + + +UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods +https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec +This is only applicable to Daemonset mode. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
rollingUpdateobject + Rolling update config params. Present only if type = "RollingUpdate". +--- +TODO: Update this to follow our convention for oneOf, whatever we decide it +to be. Same as Deployment `strategy.rollingUpdate`. +See https://github.com/kubernetes/kubernetes/issues/35345
+ 		false
typestring + Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate +[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) + + + +Rolling update config params. Present only if type = "RollingUpdate". +--- +TODO: Update this to follow our convention for oneOf, whatever we decide it +to be. Same as Deployment `strategy.rollingUpdate`. +See https://github.com/kubernetes/kubernetes/issues/35345 + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSurgeint or string + The maximum number of nodes with an existing available DaemonSet pod that +can have an updated DaemonSet pod during during an update. +Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). +This can not be 0 if MaxUnavailable is 0. +Absolute number is calculated from percentage by rounding up to a minimum of 1. +Default value is 0. +Example: when this is set to 30%, at most 30% of the total number of nodes +that should be running the daemon pod (i.e. status.desiredNumberScheduled) +can have their a new pod created before the old pod is marked as deleted. +The update starts by launching new pods on 30% of nodes. Once an updated +pod is available (Ready for at least minReadySeconds) the old DaemonSet pod +on that node is marked deleted. If the old pod becomes unavailable for any +reason (Ready transitions to false, is evicted, or is drained) an updated +pod is immediatedly created on that node without considering surge limits. +Allowing surge implies the possibility that the resources consumed by the +daemonset on any given node can double if the readiness check fails, and +so resource intensive daemonsets should take into account that they may +cause evictions during disruption.
+ 		false
maxUnavailableint or string + The maximum number of DaemonSet pods that can be unavailable during the +update. Value can be an absolute number (ex: 5) or a percentage of total +number of DaemonSet pods at the start of the update (ex: 10%). Absolute +number is calculated from percentage by rounding up. +This cannot be 0 if MaxSurge is 0 +Default value is 1. +Example: when this is set to 30%, at most 30% of the total number of nodes +that should be running the daemon pod (i.e. status.desiredNumberScheduled) +can have their pods stopped for an update at any given time. The update +starts by stopping at most 30% of those DaemonSet pods and then brings +up new DaemonSet pods in their place. Once the new pods are available, +it then proceeds onto other DaemonSet pods, thus ensuring that at least +70% of original number of DaemonSet pods are available at all times during +the update.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +PersistentVolumeClaim is a user's request for and claim to a persistent volume + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstring + APIVersion defines the versioned schema of this representation of an object. +Servers should convert recognized schemas to the latest internal value, and +may reject unrecognized values. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ 		false
kindstring + Kind is a string value representing the REST resource this object represents. +Servers may infer this from the endpoint the client submits requests to. +Cannot be updated. +In CamelCase. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ 		false
metadataobject + Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ 		false
specobject + spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ 		false
statusobject + status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ 		false
+ + +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata +[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) + + + +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + + + + + + + + + + + + + + + + + + + @@ -9349,7 +13768,8 @@ Standard object's metadata. More info: https://git.k8s.io/community/contributors -spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
NameTypeDescriptionRequired
annotationsmap[string]string +
+ 		false
finalizers[]string +
false
@@ -9364,28 +13784,62 @@ spec defines the desired characteristics of a volume requested by a pod author. @@ -9399,21 +13853,34 @@ spec defines the desired characteristics of a volume requested by a pod author. @@ -9432,7 +13899,14 @@ spec defines the desired characteristics of a volume requested by a pod author. -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -9461,7 +13935,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -9473,7 +13949,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -9502,14 +14000,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -9521,7 +14023,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -9536,14 +14042,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -9577,7 +14087,9 @@ selector is a label query over volumes to consider for binding. @@ -9589,7 +14101,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -9611,14 +14124,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -9630,7 +14147,9 @@ A label selector requirement is a selector that contains values, a key, and an o -status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -9645,27 +14164,83 @@ status represents the current information/status of a persistent volume claim. R @@ -9679,21 +14254,26 @@ status represents the current information/status of a persistent volume claim. R @@ -9766,7 +14346,9 @@ PersistentVolumeClaimCondition contains details about state of pvc @@ -9778,7 +14360,9 @@ PersistentVolumeClaimCondition contains details about state of pvc -ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. +ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature.
accessModes []string - accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the actual access modes the volume backing the PVC has. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
allocatedResourceStatuses map[string]string - allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. - A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResourceStatuses stores status of resource being resized for the given PVC. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller starts resizing the volume in control-plane. + - ControllerResizeFailed: + State set when resize has failed in resize controller with a terminal error. + - NodeResizePending: + State set when resize controller has finished resizing the volume but further resizing of + volume is needed on the node. + - NodeResizeInProgress: + State set when kubelet starts resizing the volume. + - NodeResizeFailed: + State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + NodeResizeFailed. +For example: if expanding a PVC for more capacity - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" +When this field is not set, it means that no resize operation is in progress for the given PVC. + + +A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
allocatedResources map[string]int or string - allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResources tracks the resources allocated to a PVC including its capacity. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +Capacity reported here may be larger than the actual capacity when a volume expansion operation +is requested. +For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. +If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. +If a volume expansion capacity request is lowered, allocatedResources is only +lowered if there are no expansion operations in progress and if the actual volume capacity +is equal or lower than the requested capacity. + + +A controller that receives PVC update with previously unknown resourceName +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
conditions []object - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+ conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'ResizeStarted'.
 false
currentVolumeAttributesClassName string - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+ currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. +When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim +This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
modifyVolumeStatus object - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature.
+ ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
reason string - reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+ reason is a unique, this should be a short, machine understandable string that gives the reason +for condition's last transition. If it reports "ResizeStarted" that means the underlying +persistent volume is being resized.
 false
@@ -9793,7 +14377,16 @@ ModifyVolumeStatus represents the status object of ControllerModifyVolume operat @@ -9827,7 +14420,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -9841,28 +14435,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -9889,14 +14491,18 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9924,7 +14530,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9952,18 +14559,42 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9977,7 +14608,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9991,49 +14623,67 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10068,7 +14718,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10082,7 +14733,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10108,7 +14760,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
status string - status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+ status is the status of the ControllerModifyVolume operation. It can be in any of following states: + - Pending + Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as + the specified VolumeAttributesClass not existing. + - InProgress + InProgress indicates that the volume is being modified. + - Infeasible + Infeasible indicates that the request has been rejected as invalid by the CSI driver. To + resolve the error, a valid VolumeAttributesClass needs to be specified. +Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -10123,21 +14777,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -10146,7 +14808,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -10194,7 +14857,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -10208,7 +14873,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -10249,7 +14915,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -10276,7 +14943,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -10290,28 +14958,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -10323,7 +14996,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -10338,7 +15012,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -10350,7 +15026,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -10365,28 +15042,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -10398,7 +15082,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -10413,7 +15098,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -10440,7 +15127,13 @@ configMap represents a configMap that should populate this volume @@ -10449,14 +15142,22 @@ configMap represents a configMap that should populate this volume @@ -10497,14 +15198,22 @@ Maps a string key to a path within a volume. @@ -10533,35 +15242,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -10573,7 +15291,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -10588,7 +15310,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -10615,7 +15339,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -10665,7 +15396,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -10674,7 +15410,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -10720,7 +15457,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -10761,7 +15499,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -10776,14 +15515,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -10795,11 +15542,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -10814,10 +15584,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -10829,10 +15619,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -10847,14 +15657,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -10866,7 +15681,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -10881,28 +15699,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -10916,21 +15768,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -10949,7 +15814,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -10978,7 +15850,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -10990,7 +15864,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -11019,14 +15915,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -11038,7 +15938,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -11053,14 +15957,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -11094,7 +16002,9 @@ selector is a label query over volumes to consider for binding. @@ -11106,7 +16016,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -11128,14 +16039,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -11147,7 +16062,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -11217,7 +16134,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11233,7 +16153,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11247,7 +16168,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11259,7 +16181,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -11281,7 +16204,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -11295,14 +16220,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -11314,7 +16244,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -11329,7 +16263,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -11356,7 +16292,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -11375,7 +16312,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -11390,21 +16329,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -11413,7 +16361,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -11425,7 +16375,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -11447,7 +16400,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -11466,7 +16422,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -11481,21 +16438,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -11507,7 +16468,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -11522,14 +16490,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -11541,7 +16513,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -11572,7 +16546,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -11593,35 +16568,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -11655,7 +16639,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -11667,7 +16653,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -11682,21 +16669,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -11708,7 +16699,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -11723,14 +16716,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -11764,7 +16759,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -11798,14 +16795,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -11832,7 +16832,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -11868,10 +16873,22 @@ Projection that may be projected along with other supported volume types @@ -11911,10 +16928,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -11936,28 +16965,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -11969,7 +17008,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -11991,7 +17033,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -12003,7 +17047,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -12025,14 +17070,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -12059,14 +17108,22 @@ configMap information about the configMap data to project @@ -12107,14 +17164,22 @@ Maps a string key to a path within a volume. @@ -12184,7 +17249,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -12193,7 +17263,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -12239,7 +17310,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -12295,14 +17367,22 @@ secret information about the secret data to project @@ -12343,14 +17423,22 @@ Maps a string key to a path within a volume. @@ -12379,21 +17467,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -12422,7 +17519,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -12436,28 +17535,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -12469,7 +17572,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -12484,56 +17588,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -12545,7 +17666,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -12560,7 +17684,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -12594,7 +17720,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12608,7 +17735,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12622,7 +17752,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12636,7 +17767,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12650,7 +17782,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12662,7 +17795,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -12677,7 +17811,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -12689,7 +17825,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -12704,7 +17841,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12713,7 +17856,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12727,7 +17876,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12761,14 +17911,22 @@ Maps a string key to a path within a volume. @@ -12797,35 +17955,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -12837,7 +18005,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -12852,7 +18021,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -12886,7 +18057,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -12934,14 +18107,16 @@ AmazonCloudWatchAgentStatus defines the observed state of AmazonCloudWatchAgent. @@ -12984,7 +18159,8 @@ Scale is the AmazonCloudWatchAgent's scale subresource status. @@ -12993,14 +18169,17 @@ Scale is the AmazonCloudWatchAgent's scale subresource status. @@ -13094,7 +18273,8 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13115,14 +18295,17 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13136,7 +18319,8 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13146,6 +18330,14 @@ DcgmExporterSpec defines the desired state of DcgmExporter. TlsConfig is the raw YAML to be used as the exporter TLS configuration.
+ + + + + @@ -13225,14 +18417,26 @@ Describes node affinity scheduling rules for the pod. @@ -13244,7 +18448,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
env []object - ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be +consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule DCGM Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule DCGM Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
 false
false
tolerations[]object + Toleration to schedule DCGM Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
+ 		false
volumeMounts []objectpreferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -13314,7 +18519,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -13336,14 +18542,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13355,7 +18566,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13377,14 +18589,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13396,7 +18613,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13423,7 +18644,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -13457,7 +18680,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -13479,14 +18703,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13498,7 +18727,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13520,14 +18750,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13554,14 +18789,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -13595,7 +18844,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -13624,42 +18874,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -13671,7 +18949,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -13693,7 +18972,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -13705,7 +18986,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13727,14 +19009,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13746,7 +19032,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13768,7 +19058,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -13780,7 +19072,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13802,14 +19095,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13821,7 +19118,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13836,42 +19138,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -13883,7 +19213,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -13905,7 +19236,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -13917,7 +19250,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13939,14 +19273,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13958,7 +19296,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13980,7 +19322,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -13992,7 +19336,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14014,14 +19359,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14048,14 +19397,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -14089,7 +19452,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -14118,42 +19482,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -14165,7 +19557,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -14187,7 +19580,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -14199,7 +19594,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14221,14 +19617,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14240,7 +19640,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14262,7 +19666,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -14274,7 +19680,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14296,14 +19703,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14315,7 +19726,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14330,42 +19746,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -14377,7 +19821,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -14399,7 +19844,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -14411,7 +19858,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14433,14 +19881,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14452,7 +19904,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14474,7 +19930,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -14486,7 +19944,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14508,14 +19967,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14549,7 +20012,15 @@ EnvVar represents an environment variable present in a Container. @@ -14590,14 +20061,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -14638,7 +20111,9 @@ Selects a key of a ConfigMap. @@ -14657,7 +20132,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -14691,7 +20167,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -14754,7 +20231,9 @@ Selects a key of a secret in the pod's namespace @@ -14797,24 +20276,50 @@ ServicePort contains information on service's port. @@ -14823,7 +20328,8 @@ ServicePort contains information on service's port. @@ -14832,7 +20338,14 @@ ServicePort contains information on service's port. @@ -14859,23 +20372,33 @@ Resources to set on the DCGM Exporter pods. @@ -14902,13 +20425,82 @@ ResourceClaim references one entry in PodSpec.ResourceClaims.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
+### DcgmExporter.spec.tolerations[index] +[↩ Parent](#dcgmexporterspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + ### DcgmExporter.spec.volumeMounts[index] [↩ Parent](#dcgmexporterspec) @@ -14929,7 +20521,8 @@ VolumeMount describes a mounting of a Volume within a container. mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
true @@ -14943,28 +20536,36 @@ VolumeMount describes a mounting of a Volume within a container. mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
false readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
false subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
false subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
false @@ -14991,14 +20592,18 @@ Volume represents a named volume in a pod that may be accessed by any container name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
true awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -15026,7 +20631,8 @@ Volume represents a named volume in a pod that may be accessed by any container cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false @@ -15054,18 +20660,42 @@ Volume represents a named volume in a pod that may be accessed by any container emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
false @@ -15079,7 +20709,8 @@ Volume represents a named volume in a pod that may be accessed by any container flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
false @@ -15093,49 +20724,67 @@ Volume represents a named volume in a pod that may be accessed by any container gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
false glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
false hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
false iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
false nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false @@ -15170,7 +20819,8 @@ Volume represents a named volume in a pod that may be accessed by any container rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
false @@ -15184,7 +20834,8 @@ Volume represents a named volume in a pod that may be accessed by any container secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false @@ -15210,7 +20861,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -15225,21 +20878,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -15248,7 +20909,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -15296,7 +20958,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -15310,7 +20974,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -15351,7 +21016,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -15378,7 +21044,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -15392,28 +21059,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -15425,7 +21097,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -15440,7 +21113,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -15452,7 +21127,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -15467,28 +21143,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -15500,7 +21183,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -15515,7 +21199,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -15542,7 +21228,13 @@ configMap represents a configMap that should populate this volume @@ -15551,14 +21243,22 @@ configMap represents a configMap that should populate this volume @@ -15599,14 +21299,22 @@ Maps a string key to a path within a volume. @@ -15635,35 +21343,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -15675,7 +21392,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -15690,7 +21411,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -15717,7 +21440,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -15767,7 +21497,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15776,7 +21511,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15822,7 +21558,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -15863,7 +21600,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -15878,14 +21616,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -15897,11 +21643,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -15916,10 +21685,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -15931,10 +21720,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -15949,14 +21758,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -15968,7 +21782,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -15983,28 +21800,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -16018,21 +21869,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -16051,7 +21915,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -16080,7 +21951,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -16092,7 +21965,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -16121,14 +22016,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -16140,7 +22039,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -16155,14 +22058,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -16196,7 +22103,9 @@ selector is a label query over volumes to consider for binding. @@ -16208,7 +22117,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -16230,14 +22140,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -16249,7 +22163,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -16319,7 +22235,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16335,7 +22254,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16349,7 +22269,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16361,7 +22282,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -16383,7 +22305,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -16397,14 +22321,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -16416,7 +22345,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -16431,7 +22364,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -16458,7 +22393,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -16477,7 +22413,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -16492,21 +22430,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -16515,7 +22462,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -16527,7 +22476,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -16549,7 +22501,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -16568,7 +22523,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -16583,21 +22539,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -16609,7 +22569,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -16624,14 +22591,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -16643,7 +22614,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -16674,7 +22647,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -16695,35 +22669,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -16757,7 +22740,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -16769,7 +22754,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -16784,21 +22770,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -16810,7 +22800,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -16825,14 +22817,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -16866,7 +22860,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -16900,14 +22896,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -16934,7 +22933,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -16970,10 +22974,22 @@ Projection that may be projected along with other supported volume types @@ -17013,10 +23029,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -17038,28 +23066,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -17071,7 +23109,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -17093,7 +23134,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -17105,7 +23148,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -17127,14 +23171,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -17161,14 +23209,22 @@ configMap information about the configMap data to project @@ -17209,14 +23265,22 @@ Maps a string key to a path within a volume. @@ -17286,7 +23350,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17295,7 +23364,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17341,7 +23411,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -17397,14 +23468,22 @@ secret information about the secret data to project @@ -17445,14 +23524,22 @@ Maps a string key to a path within a volume. @@ -17481,21 +23568,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -17524,7 +23620,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -17538,28 +23636,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -17571,7 +23673,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -17586,56 +23689,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -17647,7 +23767,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -17662,7 +23785,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -17696,7 +23821,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17710,7 +23836,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17724,7 +23853,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17738,7 +23868,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17752,7 +23883,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17764,7 +23896,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -17779,7 +23912,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -17791,7 +23926,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -17806,7 +23942,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17815,7 +23957,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17829,7 +23977,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17863,14 +24012,22 @@ Maps a string key to a path within a volume. @@ -17899,35 +24056,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -17939,7 +24106,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -17954,7 +24122,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -17988,7 +24158,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -18036,14 +24208,16 @@ DcgmExporterStatus defines the observed state of DcgmExporter. @@ -18086,7 +24260,8 @@ Scale is the DcgmExporter's scale subresource status. @@ -18095,14 +24270,17 @@ Scale is the DcgmExporter's scale subresource status. @@ -18196,7 +24374,9 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18210,7 +24390,10 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18238,7 +24421,9 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18286,21 +24471,26 @@ ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. @@ -18328,7 +24518,8 @@ ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. @@ -18362,7 +24553,15 @@ EnvVar represents an environment variable present in a Container. @@ -18403,14 +24602,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -18451,7 +24652,9 @@ Selects a key of a ConfigMap. @@ -18470,7 +24673,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
env []object - Env defines common env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines common env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
go object - Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
+ Go defines configuration for Go auto-instrumentation. +When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the +Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. +Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
 false
propagators []enum - Propagators defines inter-process context propagation configuration. Values in this list will be set in the OTEL_PROPAGATORS env var. Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
+ Propagators defines inter-process context propagation configuration. +Values in this list will be set in the OTEL_PROPAGATORS env var. +Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
 false
attrs []object - Attrs defines Apache HTTPD agent specific attributes. The precedence is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Apache HTTPD agent specific attributes. The precedence is: +`agent default attributes` > `instrument spec attributes` . +Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configPath string - Location of Apache HTTPD server configuration. Needed only if different from default "/usr/local/apache2/conf"
+ Location of Apache HTTPD server configuration. +Needed only if different from default "/usr/local/apache2/conf"
 false
env []object - Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -18504,7 +24708,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -18567,7 +24772,9 @@ Selects a key of a secret in the pod's namespace @@ -18608,7 +24815,15 @@ EnvVar represents an environment variable present in a Container. @@ -18649,14 +24864,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -18697,7 +24914,9 @@ Selects a key of a ConfigMap. @@ -18716,7 +24935,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -18750,7 +24970,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -18813,7 +25034,9 @@ Selects a key of a secret in the pod's namespace @@ -18847,23 +25070,33 @@ Resources describes the compute resource requirements. @@ -18890,7 +25123,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -18917,7 +25152,9 @@ DotNet defines configuration for DotNet auto-instrumentation. @@ -18938,7 +25175,8 @@ DotNet defines configuration for DotNet auto-instrumentation. @@ -18972,7 +25210,15 @@ EnvVar represents an environment variable present in a Container. @@ -19013,14 +25259,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19061,7 +25309,9 @@ Selects a key of a ConfigMap. @@ -19080,7 +25330,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines DotNet specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines DotNet specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19114,7 +25365,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19177,7 +25429,9 @@ Selects a key of a secret in the pod's namespace @@ -19211,23 +25465,33 @@ Resources describes the compute resource requirements. @@ -19254,7 +25518,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19288,7 +25554,15 @@ EnvVar represents an environment variable present in a Container. @@ -19329,14 +25603,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19377,7 +25653,9 @@ Selects a key of a ConfigMap. @@ -19396,7 +25674,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19430,7 +25709,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19493,7 +25773,9 @@ Selects a key of a secret in the pod's namespace @@ -19539,7 +25821,10 @@ Exporter defines exporter configuration. -Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged. +Go defines configuration for Go auto-instrumentation. +When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the +Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. +Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19554,7 +25839,9 @@ Go defines configuration for Go auto-instrumentation. When using Go auto-instrum @@ -19575,7 +25862,8 @@ Go defines configuration for Go auto-instrumentation. When using Go auto-instrum @@ -19609,7 +25897,15 @@ EnvVar represents an environment variable present in a Container. @@ -19650,14 +25946,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19698,7 +25996,9 @@ Selects a key of a ConfigMap. @@ -19717,7 +26017,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
env []object - Env defines Go specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Go specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19751,7 +26052,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19814,7 +26116,9 @@ Selects a key of a secret in the pod's namespace @@ -19848,23 +26152,33 @@ Resources describes the compute resource requirements. @@ -19891,7 +26205,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19918,7 +26234,9 @@ Java defines configuration for java auto-instrumentation. @@ -19939,7 +26257,8 @@ Java defines configuration for java auto-instrumentation. @@ -19973,7 +26292,15 @@ EnvVar represents an environment variable present in a Container. @@ -20014,14 +26341,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20062,7 +26391,9 @@ Selects a key of a ConfigMap. @@ -20081,7 +26412,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines java specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines java specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20115,7 +26447,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20178,7 +26511,9 @@ Selects a key of a secret in the pod's namespace @@ -20212,23 +26547,33 @@ Resources describes the compute resource requirements. @@ -20255,7 +26600,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -20282,21 +26629,26 @@ Nginx defines configuration for Nginx auto-instrumentation. @@ -20317,7 +26669,8 @@ Nginx defines configuration for Nginx auto-instrumentation. @@ -20351,7 +26704,15 @@ EnvVar represents an environment variable present in a Container. @@ -20392,14 +26753,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20440,7 +26803,9 @@ Selects a key of a ConfigMap. @@ -20459,7 +26824,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
attrs []object - Attrs defines Nginx agent specific attributes. The precedence order is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Nginx agent specific attributes. The precedence order is: +`agent default attributes` > `instrument spec attributes` . +Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configFile string - Location of Nginx configuration file. Needed only if different from default "/etx/nginx/nginx.conf"
+ Location of Nginx configuration file. +Needed only if different from default "/etx/nginx/nginx.conf"
 false
env []object - Env defines Nginx specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Nginx specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20493,7 +26859,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20556,7 +26923,9 @@ Selects a key of a secret in the pod's namespace @@ -20597,7 +26966,15 @@ EnvVar represents an environment variable present in a Container. @@ -20638,14 +27015,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20686,7 +27065,9 @@ Selects a key of a ConfigMap. @@ -20705,7 +27086,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20739,7 +27121,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20802,7 +27185,9 @@ Selects a key of a secret in the pod's namespace @@ -20836,23 +27221,33 @@ Resources describes the compute resource requirements. @@ -20879,7 +27274,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -20906,7 +27303,9 @@ NodeJS defines configuration for nodejs auto-instrumentation. @@ -20927,7 +27326,8 @@ NodeJS defines configuration for nodejs auto-instrumentation. @@ -20961,7 +27361,15 @@ EnvVar represents an environment variable present in a Container. @@ -21002,14 +27410,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -21050,7 +27460,9 @@ Selects a key of a ConfigMap. @@ -21069,7 +27481,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines nodejs specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines nodejs specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -21103,7 +27516,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -21166,7 +27580,9 @@ Selects a key of a secret in the pod's namespace @@ -21200,23 +27616,33 @@ Resources describes the compute resource requirements. @@ -21243,7 +27669,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -21270,7 +27698,9 @@ Python defines configuration for python auto-instrumentation. @@ -21291,7 +27721,8 @@ Python defines configuration for python auto-instrumentation. @@ -21325,7 +27756,15 @@ EnvVar represents an environment variable present in a Container. @@ -21366,14 +27805,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -21414,7 +27855,9 @@ Selects a key of a ConfigMap. @@ -21433,7 +27876,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines python specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines python specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -21467,7 +27911,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -21530,7 +27975,9 @@ Selects a key of a secret in the pod's namespace @@ -21564,23 +28011,33 @@ Resources describes the compute resource requirements. @@ -21607,7 +28064,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -21641,7 +28100,8 @@ Resource defines the configuration for the resource attributes, as defined by th @@ -21668,14 +28128,19 @@ Sampler defines sampling configuration. @@ -21771,14 +28236,22 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. @@ -21799,14 +28272,17 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. @@ -21820,16 +28296,33 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. + + + + + @@ -21911,14 +28404,26 @@ Describes node affinity scheduling rules for the pod. @@ -21930,7 +28435,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
resourceAttributes map[string]string - Attributes defines attributes that are added to the resource. For example environment: dev
+ Attributes defines attributes that are added to the resource. +For example environment: dev
 false
argument string - Argument defines sampler argument. The value depends on the sampler type. For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
+ Argument defines sampler argument. +The value depends on the sampler type. +For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. +The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
 false
type enum - Type defines sampler type. The value will be set in the OTEL_TRACES_SAMPLER env var. The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...
+ Type defines sampler type. +The value will be set in the OTEL_TRACES_SAMPLER env var. +The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...

Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray
command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be +consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule Neuron Monitor Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule Neuron Monitor Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
securityContext object - SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
+ SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
+ 		false
tolerations[]object + Toleration to schedule Neuron Monitor Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -22000,7 +28506,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -22022,14 +28529,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22041,7 +28553,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22063,14 +28576,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22082,7 +28600,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22109,7 +28631,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -22143,7 +28667,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -22165,14 +28690,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22184,7 +28714,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22206,14 +28737,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22240,14 +28776,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -22281,7 +28831,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -22310,42 +28861,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -22357,7 +28936,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22379,7 +28959,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22391,7 +28973,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22413,14 +28996,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22432,7 +29019,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22454,7 +29045,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22466,7 +29059,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22488,14 +29082,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22507,7 +29105,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22522,42 +29125,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -22569,7 +29200,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22591,7 +29223,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22603,7 +29237,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22625,14 +29260,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22644,7 +29283,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22666,7 +29309,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22678,7 +29323,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22700,14 +29346,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22734,14 +29384,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -22775,7 +29439,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -22804,42 +29469,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -22851,7 +29544,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22873,7 +29567,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22885,7 +29581,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22907,14 +29604,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22926,7 +29627,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22948,7 +29653,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22960,7 +29667,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22982,14 +29690,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23001,7 +29713,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -23016,42 +29733,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -23063,7 +29808,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -23085,7 +29831,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -23097,7 +29845,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -23119,14 +29868,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23138,7 +29891,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -23160,7 +29917,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -23172,7 +29931,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -23194,14 +29954,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23235,7 +29999,15 @@ EnvVar represents an environment variable present in a Container. @@ -23276,14 +30048,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -23324,7 +30098,9 @@ Selects a key of a ConfigMap. @@ -23343,7 +30119,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -23377,7 +30154,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -23440,7 +30218,9 @@ Selects a key of a secret in the pod's namespace @@ -23483,24 +30263,50 @@ ServicePort contains information on service's port. @@ -23509,7 +30315,8 @@ ServicePort contains information on service's port. @@ -23518,7 +30325,14 @@ ServicePort contains information on service's port. @@ -23545,23 +30359,33 @@ Resources to set on the Neuron Monitor Exporter pods. @@ -23588,7 +30412,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -23600,9 +30426,17 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. +SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -23617,42 +30451,63 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23661,14 +30516,23 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23677,21 +30541,31 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23703,7 +30577,9 @@ SecurityContext configures the container security context for the amazon-cloudwa -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -23737,7 +30613,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -23785,7 +30665,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -23800,15 +30683,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -23820,7 +30711,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -23835,7 +30729,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -23849,14 +30745,87 @@ The Windows specific settings applied to all containers. If unspecified, the opt + + +
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
+ + +### NeuronMonitor.spec.tolerations[index] +[↩ Parent](#neuronmonitorspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -23883,7 +30852,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -23897,28 +30867,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -23945,14 +30923,18 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -23980,7 +30962,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24008,18 +30991,42 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24033,7 +31040,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24047,49 +31055,67 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24124,7 +31150,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24138,7 +31165,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24164,7 +31192,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
 false
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -24179,21 +31209,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -24202,7 +31240,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -24250,7 +31289,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -24264,7 +31305,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -24305,7 +31347,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -24332,7 +31375,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -24346,28 +31390,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -24379,7 +31428,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -24394,7 +31444,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -24406,7 +31458,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -24421,28 +31474,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -24454,7 +31514,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -24469,7 +31530,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -24496,7 +31559,13 @@ configMap represents a configMap that should populate this volume @@ -24505,14 +31574,22 @@ configMap represents a configMap that should populate this volume @@ -24553,14 +31630,22 @@ Maps a string key to a path within a volume. @@ -24589,35 +31674,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -24629,7 +31723,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -24644,7 +31742,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -24671,7 +31771,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -24721,7 +31828,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -24730,7 +31842,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -24776,7 +31889,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -24817,7 +31931,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -24832,14 +31947,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -24851,11 +31974,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -24870,10 +32016,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -24885,10 +32051,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -24903,14 +32089,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -24922,7 +32113,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -24937,28 +32131,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -24972,21 +32200,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -25005,7 +32246,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -25034,7 +32282,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -25046,7 +32296,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -25075,14 +32347,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -25094,7 +32370,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -25109,14 +32389,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -25150,7 +32434,9 @@ selector is a label query over volumes to consider for binding. @@ -25162,7 +32448,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -25184,14 +32471,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -25203,7 +32494,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -25273,7 +32566,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25289,7 +32585,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25303,7 +32600,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25315,7 +32613,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -25337,7 +32636,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -25351,14 +32652,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -25370,7 +32676,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -25385,7 +32695,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -25412,7 +32724,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -25431,7 +32744,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -25446,21 +32761,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -25469,7 +32793,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -25481,7 +32807,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -25503,7 +32832,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -25522,7 +32854,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -25537,21 +32870,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -25563,7 +32900,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -25578,14 +32922,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -25597,7 +32945,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -25628,7 +32978,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -25649,35 +33000,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -25711,7 +33071,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -25723,7 +33085,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -25738,21 +33101,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -25764,7 +33131,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -25779,14 +33148,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -25820,7 +33191,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -25854,14 +33227,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -25888,7 +33264,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -25924,10 +33305,22 @@ Projection that may be projected along with other supported volume types @@ -25967,10 +33360,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -25992,28 +33397,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -26025,7 +33440,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -26047,7 +33465,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -26059,7 +33479,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -26081,14 +33502,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -26115,14 +33540,22 @@ configMap information about the configMap data to project @@ -26163,14 +33596,22 @@ Maps a string key to a path within a volume. @@ -26240,7 +33681,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -26249,7 +33695,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -26295,7 +33742,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -26351,14 +33799,22 @@ secret information about the secret data to project @@ -26399,14 +33855,22 @@ Maps a string key to a path within a volume. @@ -26435,21 +33899,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -26478,7 +33951,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -26492,28 +33967,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -26525,7 +34004,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -26540,56 +34020,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -26601,7 +34098,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -26616,7 +34116,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -26650,7 +34152,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26664,7 +34167,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26678,7 +34184,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26692,7 +34199,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26706,7 +34214,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26718,7 +34227,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -26733,7 +34243,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -26745,7 +34257,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -26760,7 +34273,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26769,7 +34288,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26783,7 +34308,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26817,14 +34343,22 @@ Maps a string key to a path within a volume. @@ -26853,35 +34387,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -26893,7 +34437,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -26908,7 +34453,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -26942,7 +34489,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -26990,14 +34539,16 @@ NeuronMonitorStatus defines the observed state of NeuronMonitor. @@ -27040,7 +34591,8 @@ Scale is the NeuronMonitor's scale subresource status. @@ -27049,14 +34601,17 @@ Scale is the NeuronMonitor's scale subresource status. From 0ef552935961aec5b189dc9904eef94a58405bd1 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:21:29 -0400 Subject: [PATCH 12/99] Revert "Updated doc and imports." This reverts commit ea3c937b1ec15c2c7f496636610225ef0dfb1f83. --- apis/v1alpha1/collector_webhook.go | 1 - docs/api.md | 11091 +++++---------------------- 2 files changed, 1768 insertions(+), 9324 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 800758893..0a1922727 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,7 +6,6 @@ package v1alpha1 import ( "context" "fmt" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" diff --git a/docs/api.md b/docs/api.md index 2756500c8..0402e3a10 100644 --- a/docs/api.md +++ b/docs/api.md @@ -93,20 +93,9 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -127,8 +116,7 @@ doing so, you wil accept the risk of it breaking things.
@@ -142,25 +130,21 @@ for the AmazonCloudWatchAgent workload.
@@ -188,20 +172,14 @@ These can then in certain cases be consumed in the config file for the Collector @@ -215,16 +193,14 @@ https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
@@ -244,8 +219,7 @@ Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.
minReplicas @@ -263,8 +237,7 @@ Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.
nodeSelector @@ -278,46 +251,36 @@ This is only relevant to daemonset, statefulset, and deployment mode
@@ -340,32 +303,16 @@ default.
- - - - - @@ -381,28 +328,21 @@ the operator will not automatically create a ServiceAccount for the collector.tolerations @@ -439,9 +379,7 @@ This is only applicable to Daemonset mode.
 @@ -468,119 +406,77 @@ A single application container that you want to run within a pod. @@ -594,108 +490,63 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -709,18 +560,14 @@ Default is false.
 @@ -754,15 +601,7 @@ EnvVar represents an environment variable present in a Container. @@ -803,16 +642,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -853,9 +690,7 @@ Selects a key of a ConfigMap. @@ -874,8 +709,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
additionalContainers []object - AdditionalContainers allows injecting additional containers into the Collector's pod definition. -These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping -metrics to their cloud, or in general sidecars that do not support automatic injection. This option only -applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar -deployment mode. More info about sidecars: -https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - - -Container names managed by the operator: -* `otc-container` - - -Overriding containers managed by the operator is outside the scope of what the maintainers will support and by -doing so, you wil accept the risk of it breaking things.
+ AdditionalContainers allows injecting additional containers into the Collector's pod definition. These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping metrics to their cloud, or in general sidecars that do not support automatic injection. This option only applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar deployment mode. More info about sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + Container names managed by the operator: * `otc-container` + Overriding containers managed by the operator is outside the scope of what the maintainers will support and by doing so, you wil accept the risk of it breaking things.
 false
autoscaler object - Autoscaler specifies the pod autoscaling configuration to use -for the AmazonCloudWatchAgent workload.
+ Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload.
 false
configmaps []object - ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent -object, which shall be mounted into the Collector Pods. -Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
+ ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent object, which shall be mounted into the Collector Pods. Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
 false
env []object - ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be -consumed in the config file for the Collector.
+ ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
 false
envFrom []object - List of sources to populate environment variables on the OpenTelemetry Collector's Pods. -These can then in certain cases be consumed in the config file for the Collector.
+ List of sources to populate environment variables on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
 false
ingress object - Ingress is used to specify how OpenTelemetry Collector is exposed. This -functionality is only available if one of the valid modes is set. -Valid modes are: deployment, daemonset and statefulset.
+ Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset.
 false
initContainers []object - InitContainers allows injecting initContainers to the Collector's pod definition. -These init containers can be used to fetch secrets for injection into the -configuration from external sources, run added checks, etc. Any errors during the execution of -an initContainer will lead to a restart of the Pod. More info: -https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ InitContainers allows injecting initContainers to the Collector's pod definition. These init containers can be used to fetch secrets for injection into the configuration from external sources, run added checks, etc. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 false
livenessProbe object - Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. -It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
+ Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
 false
managementState enum - ManagementState defines if the CR should be managed by the operator or not. -Default is managed.
+ ManagementState defines if the CR should be managed by the operator or not. Default is managed.

Enum: managed, unmanaged
Default: managed
@@ -234,8 +210,7 @@ Default is managed.
maxReplicas integer - MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. -Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.
+ MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.

Format: int32
 integer - MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 -Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.
+ MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.

Format: int32
 map[string]string - NodeSelector to schedule OpenTelemetry Collector pods. -This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
 false
podAnnotations map[string]string - PodAnnotations is the set of annotations that will be attached to -Collector and Target Allocator pods.
+ PodAnnotations is the set of annotations that will be attached to Collector and Target Allocator pods.
 false
podDisruptionBudget object - PodDisruptionBudget specifies the pod disruption budget configuration to use -for the AmazonCloudWatchAgent workload.
+ PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload.
 false
podSecurityContext object - PodSecurityContext configures the pod security context for the -amazon-cloudwatch-agent pod, when running as a deployment, daemonset, -or statefulset. - - -In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
+ PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. + In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator -will attempt to infer the required ports by parsing the .Spec.Config property but this property can be -used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
priorityClassName string - If specified, indicates the pod's priority. -If not specified, the pod priority will be default or zero if there is no -default.
+ If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
 false
securityContext object - SecurityContext configures the container security context for -the amazon-cloudwatch-agent container. - - -In deployment, daemonset, or statefulset mode, this controls -the security context settings for the primary application -container. - - -In sidecar mode, this controls the security context for the -injected sidecar container.
+ SecurityContext configures the container security context for the amazon-cloudwatch-agent container. + In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. + In sidecar mode, this controls the security context for the injected sidecar container.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, -the operator will not automatically create a ServiceAccount for the collector.
- 		false
targetAllocatorobject - TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
 false
[]object - Toleration to schedule OpenTelemetry Collector pods. -This is only relevant to daemonset, statefulset, and deployment mode
+ Toleration to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
 false
topologySpreadConstraints []object - TopologySpreadConstraints embedded kubernetes pod configuration option, -controls how pods are spread across your cluster among failure-domains -such as regions, zones, nodes, and other user-defined topology domains -https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -This is only relevant to statefulset, and deployment mode
+ TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ This is only relevant to statefulset, and deployment mode
 false
updateStrategy object - UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods -https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec -This is only applicable to Daemonset mode.
+ UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode.
 false
workingDir string - WorkingDir represents Container's working directory. If not specified, -the container runtime's default will be used, which might -be configured in the container image. Cannot be updated.
+ WorkingDir represents Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
 false
name string - Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). -Cannot be updated.
+ Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
 true
args []string - Arguments to the entrypoint. -The container image's CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
command []string - Entrypoint array. Not executed within a shell. -The container image's ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - List of environment variables to set in the container. -Cannot be updated.
+ List of environment variables to set in the container. Cannot be updated.
 false
envFrom []object - List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. -Cannot be updated.
+ List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
 false
image string - Container image name. -More info: https://kubernetes.io/docs/concepts/containers/images -This field is optional to allow higher level config management to default or override -container images in workload controllers like Deployments and StatefulSets.
+ Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
 false
imagePullPolicy string - Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
 false
lifecycle object - Actions that the management system should take in response to container lifecycle events. -Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. Cannot be updated.
 false
livenessProbe object - Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
ports []object - List of ports to expose from the container. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default "0.0.0.0" address inside a container will be -accessible from the network. -Modifying this array with strategic merge patch may corrupt the data. -For more information See https://github.com/kubernetes/kubernetes/issues/108255. -Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
 false
readinessProbe object - Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
resources object - Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, -the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: -this init container will be continually restarted on -exit until all regular containers have terminated. Once all regular -containers have completed, all init containers with restartPolicy "Always" -will be shut down. This lifecycle differs from normal init containers and -is often referred to as a "sidecar" container. Although this init -container still starts in the init container sequence, it does not wait -for the container to complete before proceeding to the next init -container. Instead, the next init container starts immediately after this -init container is started, or after any startupProbe has successfully -completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
 false
securityContext object - SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 false
startupProbe object - StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this -is not set, reads from stdin in the container will always result in EOF. -Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
 false
stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by -a single attach. When stdin is true the stdin stream will remain open across multiple attach -sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the -first client attaches to stdin, and then remains open and accepts data until the client disconnects, -at which time stdin is closed and remains closed until the container is restarted. If this -flag is false, a container processes that reads from stdin will never receive an EOF. -Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
 false
terminationMessagePath string - Optional: Path at which the file to which the container's termination message -will be written is mounted into the container's filesystem. -Message written is intended to be brief final status, such as an assertion failure message. -Will be truncated by the node if greater than 4096 bytes. The total message length across -all containers will be limited to 12kb. -Defaults to /dev/termination-log. -Cannot be updated.
+ Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
 false
terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of -terminationMessagePath to populate the container status message on both success and failure. -FallbackToLogsOnError will use the last chunk of container log output if the termination -message file is empty and the container exited with an error. -The log output is limited to 2048 bytes or 80 lines, whichever is smaller. -Defaults to File. -Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
 false
tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. -Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
 false
volumeMounts []object - Pod volumes to mount into the container's filesystem. -Cannot be updated.
+ Pod volumes to mount into the container's filesystem. Cannot be updated.
 false
workingDir string - Container's working directory. -If not specified, the container runtime's default will be used, which -might be configured in the container image. -Cannot be updated.
+ Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -909,8 +743,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -973,9 +806,7 @@ Selects a key of a secret in the pod's namespace @@ -1050,9 +881,7 @@ The ConfigMap to select from @@ -1086,9 +915,7 @@ The Secret to select from @@ -1107,8 +934,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Actions that the management system should take in response to container lifecycle events. -Cannot be updated. +Actions that the management system should take in response to container lifecycle events. Cannot be updated.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -1123,25 +949,14 @@ Cannot be updated. @@ -1153,10 +968,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho -PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -1192,9 +1004,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -1221,11 +1031,7 @@ Exec specifies the action to take. @@ -1252,17 +1058,14 @@ HTTPGet specifies the http request to perform. @@ -1283,8 +1086,7 @@ Name must be an IANA_SVC_NAME.
 @@ -1311,8 +1113,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1360,9 +1161,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1377,9 +1176,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -1398,15 +1195,7 @@ Name must be an IANA_SVC_NAME.
-PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -1442,9 +1231,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -1471,11 +1258,7 @@ Exec specifies the action to take. @@ -1502,17 +1285,14 @@ HTTPGet specifies the http request to perform. @@ -1533,8 +1313,7 @@ Name must be an IANA_SVC_NAME.
 @@ -1561,8 +1340,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1610,9 +1388,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1627,9 +1403,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -1648,10 +1422,7 @@ Name must be an IANA_SVC_NAME.
-Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -1673,8 +1444,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -1697,8 +1467,7 @@ Defaults to 3. Minimum value is 1.
 @@ -1707,8 +1476,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -1717,8 +1485,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -1734,16 +1501,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -1752,9 +1510,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -1783,11 +1539,7 @@ Exec specifies the action to take. @@ -1823,11 +1575,8 @@ GRPC specifies an action involving a GRPC port. @@ -1854,17 +1603,14 @@ HTTPGet specifies the http request to perform. @@ -1885,8 +1631,7 @@ Name must be an IANA_SVC_NAME.
 @@ -1913,8 +1658,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1948,9 +1692,7 @@ TCPSocket specifies an action involving a TCP port. @@ -1984,8 +1726,7 @@ ContainerPort represents a network port in a single container. @@ -2001,10 +1742,7 @@ This must be a valid port number, 0 < x < 65536.
 @@ -2013,17 +1751,14 @@ Most containers do not need this.
 @@ -2037,10 +1772,7 @@ Defaults to "TCP".
-Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. -This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. -If specified, this must be a valid port number, 0 < x < 65536. -If HostNetwork is specified, this must match ContainerPort. -Most containers do not need this.
+ Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each -named port in a pod must have a unique name. Name for the port that can be -referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. -Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Default: TCP
@@ -2062,8 +1794,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -2086,8 +1817,7 @@ Defaults to 3. Minimum value is 1.
 @@ -2096,8 +1826,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -2106,8 +1835,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -2123,16 +1851,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -2141,9 +1860,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -2172,11 +1889,7 @@ Exec specifies the action to take. @@ -2212,11 +1925,8 @@ GRPC specifies an action involving a GRPC port. @@ -2243,17 +1953,14 @@ HTTPGet specifies the http request to perform. @@ -2274,8 +1981,7 @@ Name must be an IANA_SVC_NAME.
 @@ -2302,8 +2008,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -2337,9 +2042,7 @@ TCPSocket specifies an action involving a TCP port. @@ -2373,16 +2076,14 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -2394,9 +2095,7 @@ If not specified, it defaults to NotRequired.
-Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. -Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. -If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
 true
@@ -2411,33 +2110,23 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co @@ -2464,9 +2153,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2478,9 +2165,7 @@ inside a container.
-SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
@@ -2495,63 +2180,42 @@ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-con @@ -2560,23 +2224,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -2585,31 +2240,21 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -2621,9 +2266,7 @@ Note that this field cannot be set when spec.os.name is linux.
-The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 false
@@ -2657,11 +2300,7 @@ Note that this field cannot be set when spec.os.name is windows. -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
@@ -2709,10 +2348,7 @@ Note that this field cannot be set when spec.os.name is windows. -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
@@ -2727,23 +2363,15 @@ Note that this field cannot be set when spec.os.name is windows. @@ -2755,10 +2383,7 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
-The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -2773,9 +2398,7 @@ Note that this field cannot be set when spec.os.name is linux. @@ -2789,20 +2412,14 @@ GMSA credential spec named by the GMSACredentialSpecName field.
 @@ -2814,13 +2431,7 @@ PodSecurityContext, the value specified in SecurityContext takes precedence.
 @@ -2842,8 +2453,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -2866,8 +2476,7 @@ Defaults to 3. Minimum value is 1.
 @@ -2876,8 +2485,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -2886,8 +2494,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -2903,16 +2510,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -2921,9 +2519,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -2952,11 +2548,7 @@ Exec specifies the action to take. @@ -2992,11 +2584,8 @@ GRPC specifies an action involving a GRPC port. @@ -3023,17 +2612,14 @@ HTTPGet specifies the http request to perform. @@ -3054,8 +2640,7 @@ Name must be an IANA_SVC_NAME.
 @@ -3082,8 +2667,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -3117,9 +2701,7 @@ TCPSocket specifies an action involving a TCP port. @@ -3187,8 +2769,7 @@ VolumeMount describes a mounting of a Volume within a container. @@ -3202,36 +2783,28 @@ not contain ':'.
 @@ -3299,26 +2872,14 @@ Describes node affinity scheduling rules for the pod. @@ -3330,8 +2891,7 @@ may or may not try to eventually evict the pod from its node.
-An empty preferred scheduling term matches all objects with implicit weight 0 -(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Path within the container at which the volume should be mounted. Must not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node matches the corresponding matchExpressions; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
 false
@@ -3401,8 +2961,7 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -3424,19 +2983,14 @@ that relates the key and values. @@ -3448,8 +3002,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -3471,19 +3024,14 @@ that relates the key and values. @@ -3495,11 +3043,7 @@ This array is replaced during a strategic merge patch.
-If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -3526,9 +3070,7 @@ may or may not try to eventually evict the pod from its node. -A null or empty node selector term matches no objects. The requirements of -them are ANDed. -The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -3562,8 +3104,7 @@ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -3585,19 +3126,14 @@ that relates the key and values. @@ -3609,8 +3145,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -3632,19 +3167,14 @@ that relates the key and values. @@ -3671,28 +3201,14 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -3726,8 +3242,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -3756,70 +3271,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -3831,8 +3318,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3854,9 +3340,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -3868,8 +3352,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3891,18 +3374,14 @@ relates the key and values. @@ -3914,11 +3393,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -3940,9 +3415,7 @@ An empty selector ({}) matches all namespaces. @@ -3954,8 +3427,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3977,18 +3449,14 @@ relates the key and values. @@ -4000,12 +3468,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4020,70 +3483,42 @@ a pod of the set of pods is running @@ -4095,8 +3530,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -4118,9 +3552,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -4132,8 +3564,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4155,18 +3586,14 @@ relates the key and values. @@ -4178,11 +3605,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4204,9 +3627,7 @@ An empty selector ({}) matches all namespaces. @@ -4218,8 +3639,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4241,18 +3661,14 @@ relates the key and values. @@ -4279,28 +3695,14 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -4334,8 +3736,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -4364,70 +3765,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -4439,8 +3812,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the anti-affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the anti-affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -4462,9 +3834,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -4476,8 +3846,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4499,18 +3868,14 @@ relates the key and values. @@ -4522,11 +3887,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4548,9 +3909,7 @@ An empty selector ({}) matches all namespaces. @@ -4562,8 +3921,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4585,18 +3943,14 @@ relates the key and values. @@ -4608,12 +3962,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4628,70 +3977,42 @@ a pod of the set of pods is running @@ -4703,8 +4024,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -4726,9 +4046,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -4740,8 +4058,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4763,18 +4080,14 @@ relates the key and values. @@ -4786,11 +4099,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4812,9 +4121,7 @@ An empty selector ({}) matches all namespaces. @@ -4826,8 +4133,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4849,18 +4155,14 @@ relates the key and values. @@ -4872,8 +4174,7 @@ merge patch.
-Autoscaler specifies the pod autoscaling configuration to use -for the AmazonCloudWatchAgent workload. +Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -4888,8 +4189,7 @@ for the AmazonCloudWatchAgent workload. @@ -4905,9 +4205,7 @@ in both Up and Down directions (scaleUp and scaleDown fields respectively).
 @@ -4923,8 +4221,7 @@ Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these @@ -4947,8 +4244,7 @@ If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent -HorizontalPodAutoscalerBehavior configures the scaling behavior of the target -in both Up and Down directions (scaleUp and scaleDown fields respectively). +HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
behavior object - HorizontalPodAutoscalerBehavior configures the scaling behavior of the target -in both Up and Down directions (scaleUp and scaleDown fields respectively).
+ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
 false
metrics []object - Metrics is meant to provide a customizable way to configure HPA metrics. -currently the only supported custom metrics is type=Pod. -Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
+ Metrics is meant to provide a customizable way to configure HPA metrics. currently the only supported custom metrics is type=Pod. Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
 false
targetCPUUtilization integer - TargetCPUUtilization sets the target average CPU used across all replicas. -If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.
+ TargetCPUUtilization sets the target average CPU used across all replicas. If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.

Format: int32
@@ -4963,21 +4259,14 @@ in both Up and Down directions (scaleUp and scaleDown fields respectively). @@ -4989,10 +4278,7 @@ No stabilization is used.
-scaleDown is scaling policy for scaling Down. -If not set, the default value is to allow to scale down to minReplicas pods, with a -300 second stabilization window (i.e., the highest recommendation for -the last 300sec is used). +scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used).
scaleDown object - scaleDown is scaling policy for scaling Down. -If not set, the default value is to allow to scale down to minReplicas pods, with a -300 second stabilization window (i.e., the highest recommendation for -the last 300sec is used).
+ scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used).
 false
scaleUp object - scaleUp is scaling policy for scaling Up. -If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds - * double the number of pods per 60 seconds -No stabilization is used.
+ scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used.
 false
@@ -5007,28 +4293,21 @@ the last 300sec is used). @@ -5057,8 +4336,7 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -5074,8 +4352,7 @@ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). @@ -5089,11 +4366,7 @@ It must be greater than zero
-scaleUp is scaling policy for scaling Up. -If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds - * double the number of pods per 60 seconds -No stabilization is used. +scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used.
policies []object - policies is a list of potential scaling polices which can be used during scaling. -At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. -If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be -considered while scaling up or scaling down. -StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). -If not set, use the default values: -- For scale up: 0 (i.e. no stabilization is done). -- For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. -PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. -It must be greater than zero
+ value contains the amount of change which is permitted by the policy. It must be greater than zero

Format: int32
@@ -5108,28 +4381,21 @@ No stabilization is used. @@ -5158,8 +4424,7 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -5175,8 +4440,7 @@ PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). @@ -5190,9 +4454,7 @@ It must be greater than zero
-MetricSpec defines a subset of metrics to be defined for the HPA's metric array -more metric type can be supported as needed. -See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference. +MetricSpec defines a subset of metrics to be defined for the HPA's metric array more metric type can be supported as needed. See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference.
policies []object - policies is a list of potential scaling polices which can be used during scaling. -At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. -If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be -considered while scaling up or scaling down. -StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). -If not set, use the default values: -- For scale up: 0 (i.e. no stabilization is done). -- For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. -PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. -It must be greater than zero
+ value contains the amount of change which is permitted by the policy. It must be greater than zero

Format: int32
@@ -5214,10 +4476,7 @@ See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference. @@ -5229,10 +4488,7 @@ value.
-PodsMetricSource indicates how to scale on a metric describing each pod in -the current scale target (for example, transactions-processed-per-second). -The values will be averaged together before being compared to the target -value. +PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
pods object - PodsMetricSource indicates how to scale on a metric describing each pod in -the current scale target (for example, transactions-processed-per-second). -The values will be averaged together before being compared to the target -value.
+ PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
 false
@@ -5288,9 +4544,7 @@ metric identifies the target metric by name and selector @@ -5302,9 +4556,7 @@ When unset, just the metricName will be used to gather metrics.
-selector is the string-encoded form of a standard kubernetes label selector for the given metric -When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. -When unset, just the metricName will be used to gather metrics. +selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
selector object - selector is the string-encoded form of a standard kubernetes label selector for the given metric -When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. -When unset, just the metricName will be used to gather metrics.
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
 false
@@ -5326,9 +4578,7 @@ When unset, just the metricName will be used to gather metrics. @@ -5340,8 +4590,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -5363,18 +4612,14 @@ relates the key and values. @@ -5408,10 +4653,7 @@ target specifies the target value for the given metric @@ -5420,8 +4662,7 @@ Currently only valid for Resource metric source type
 @@ -5496,15 +4737,7 @@ EnvVar represents an environment variable present in a Container. @@ -5545,16 +4778,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -5595,9 +4826,7 @@ Selects a key of a ConfigMap. @@ -5616,8 +4845,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
averageUtilization integer - averageUtilization is the target value of the average of the -resource metric across all relevant pods, represented as a percentage of -the requested value of the resource for the pods. -Currently only valid for Resource metric source type
+ averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type

Format: int32
averageValue int or string - averageValue is the target value of the average of the -metric across all relevant pods (as a quantity)
+ averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5651,8 +4879,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -5715,9 +4942,7 @@ Selects a key of a secret in the pod's namespace @@ -5792,9 +5017,7 @@ The ConfigMap to select from @@ -5828,9 +5051,7 @@ The Secret to select from @@ -5849,9 +5070,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Ingress is used to specify how OpenTelemetry Collector is exposed. This -functionality is only available if one of the valid modes is set. -Valid modes are: deployment, daemonset and statefulset. +Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5866,8 +5085,7 @@ Valid modes are: deployment, daemonset and statefulset. @@ -5881,27 +5099,21 @@ e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
 @@ -5917,8 +5129,7 @@ Default is IngressRuleTypePath ("path").
 @@ -5932,8 +5143,7 @@ Supported types are: ingress, route
-Route is an OpenShift specific section that is only considered when -type "route" is used. +Route is an OpenShift specific section that is only considered when type "route" is used.
annotations map[string]string - Annotations to add to ingress. -e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
+ Annotations to add to ingress. e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
 false
ingressClassName string - IngressClassName is the name of an IngressClass cluster resource. Ingress -controller implementations use this field to know whether they should be -serving this Ingress resource.
+ IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource.
 false
route object - Route is an OpenShift specific section that is only considered when -type "route" is used.
+ Route is an OpenShift specific section that is only considered when type "route" is used.
 false
ruleType enum - RuleType defines how Ingress exposes collector receivers. -IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. -IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. -Default is IngressRuleTypePath ("path").
+ RuleType defines how Ingress exposes collector receivers. IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. Default is IngressRuleTypePath ("path").

Enum: path, subdomain
type enum - Type default value is: "" -Supported types are: ingress, route
+ Type default value is: "" Supported types are: ingress, route

Enum: ingress, route
@@ -5977,21 +5187,14 @@ IngressTLS describes the transport layer security associated with an ingress. @@ -6018,119 +5221,77 @@ A single application container that you want to run within a pod. @@ -6144,108 +5305,63 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -6259,18 +5375,14 @@ Default is false.
 @@ -6304,15 +5416,7 @@ EnvVar represents an environment variable present in a Container. @@ -6353,16 +5457,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -6403,9 +5505,7 @@ Selects a key of a ConfigMap. @@ -6424,8 +5524,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
hosts []string - hosts is a list of hosts included in the TLS certificate. The values in -this list must match the name/s used in the tlsSecret. Defaults to the -wildcard host setting for the loadbalancer controller fulfilling this -Ingress, if left unspecified.
+ hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
 false
secretName string - secretName is the name of the secret used to terminate TLS traffic on -port 443. Field is left optional to allow TLS routing based on SNI -hostname alone. If the SNI host in a listener conflicts with the "Host" -header field used by an IngressRule, the SNI host is used for termination -and value of the "Host" header is used for routing.
+ secretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the "Host" header is used for routing.
 false
name string - Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). -Cannot be updated.
+ Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
 true
args []string - Arguments to the entrypoint. -The container image's CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
command []string - Entrypoint array. Not executed within a shell. -The container image's ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - List of environment variables to set in the container. -Cannot be updated.
+ List of environment variables to set in the container. Cannot be updated.
 false
envFrom []object - List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. -Cannot be updated.
+ List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
 false
image string - Container image name. -More info: https://kubernetes.io/docs/concepts/containers/images -This field is optional to allow higher level config management to default or override -container images in workload controllers like Deployments and StatefulSets.
+ Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
 false
imagePullPolicy string - Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
 false
lifecycle object - Actions that the management system should take in response to container lifecycle events. -Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. Cannot be updated.
 false
livenessProbe object - Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
ports []object - List of ports to expose from the container. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default "0.0.0.0" address inside a container will be -accessible from the network. -Modifying this array with strategic merge patch may corrupt the data. -For more information See https://github.com/kubernetes/kubernetes/issues/108255. -Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
 false
readinessProbe object - Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
resources object - Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, -the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: -this init container will be continually restarted on -exit until all regular containers have terminated. Once all regular -containers have completed, all init containers with restartPolicy "Always" -will be shut down. This lifecycle differs from normal init containers and -is often referred to as a "sidecar" container. Although this init -container still starts in the init container sequence, it does not wait -for the container to complete before proceeding to the next init -container. Instead, the next init container starts immediately after this -init container is started, or after any startupProbe has successfully -completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
 false
securityContext object - SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 false
startupProbe object - StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this -is not set, reads from stdin in the container will always result in EOF. -Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
 false
stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by -a single attach. When stdin is true the stdin stream will remain open across multiple attach -sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the -first client attaches to stdin, and then remains open and accepts data until the client disconnects, -at which time stdin is closed and remains closed until the container is restarted. If this -flag is false, a container processes that reads from stdin will never receive an EOF. -Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
 false
terminationMessagePath string - Optional: Path at which the file to which the container's termination message -will be written is mounted into the container's filesystem. -Message written is intended to be brief final status, such as an assertion failure message. -Will be truncated by the node if greater than 4096 bytes. The total message length across -all containers will be limited to 12kb. -Defaults to /dev/termination-log. -Cannot be updated.
+ Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
 false
terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of -terminationMessagePath to populate the container status message on both success and failure. -FallbackToLogsOnError will use the last chunk of container log output if the termination -message file is empty and the container exited with an error. -The log output is limited to 2048 bytes or 80 lines, whichever is smaller. -Defaults to File. -Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
 false
tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. -Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
 false
volumeMounts []object - Pod volumes to mount into the container's filesystem. -Cannot be updated.
+ Pod volumes to mount into the container's filesystem. Cannot be updated.
 false
workingDir string - Container's working directory. -If not specified, the container runtime's default will be used, which -might be configured in the container image. -Cannot be updated.
+ Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -6459,8 +5558,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -6523,9 +5621,7 @@ Selects a key of a secret in the pod's namespace @@ -6600,9 +5696,7 @@ The ConfigMap to select from @@ -6636,9 +5730,7 @@ The Secret to select from @@ -6657,8 +5749,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Actions that the management system should take in response to container lifecycle events. -Cannot be updated. +Actions that the management system should take in response to container lifecycle events. Cannot be updated.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -6673,25 +5764,14 @@ Cannot be updated. @@ -6703,10 +5783,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho -PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -6742,9 +5819,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -6771,11 +5846,7 @@ Exec specifies the action to take. @@ -6802,17 +5873,14 @@ HTTPGet specifies the http request to perform. @@ -6833,8 +5901,7 @@ Name must be an IANA_SVC_NAME.
 @@ -6861,8 +5928,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6910,9 +5976,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -6927,9 +5991,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -6948,15 +6010,7 @@ Name must be an IANA_SVC_NAME.
-PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -6992,9 +6046,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -7021,11 +6073,7 @@ Exec specifies the action to take. @@ -7052,17 +6100,14 @@ HTTPGet specifies the http request to perform. @@ -7083,8 +6128,7 @@ Name must be an IANA_SVC_NAME.
 @@ -7111,8 +6155,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7160,9 +6203,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -7177,9 +6218,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -7198,10 +6237,7 @@ Name must be an IANA_SVC_NAME.
-Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -7223,8 +6259,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7247,8 +6282,7 @@ Defaults to 3. Minimum value is 1.
 @@ -7257,8 +6291,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7267,8 +6300,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -7284,16 +6316,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -7302,9 +6325,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -7333,11 +6354,7 @@ Exec specifies the action to take. @@ -7373,11 +6390,8 @@ GRPC specifies an action involving a GRPC port. @@ -7404,17 +6418,14 @@ HTTPGet specifies the http request to perform. @@ -7435,8 +6446,7 @@ Name must be an IANA_SVC_NAME.
 @@ -7463,8 +6473,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7498,9 +6507,7 @@ TCPSocket specifies an action involving a TCP port. @@ -7534,8 +6541,7 @@ ContainerPort represents a network port in a single container. @@ -7551,10 +6557,7 @@ This must be a valid port number, 0 < x < 65536.
 @@ -7563,17 +6566,14 @@ Most containers do not need this.
 @@ -7587,10 +6587,7 @@ Defaults to "TCP".
-Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. -This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. -If specified, this must be a valid port number, 0 < x < 65536. -If HostNetwork is specified, this must match ContainerPort. -Most containers do not need this.
+ Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each -named port in a pod must have a unique name. Name for the port that can be -referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. -Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Default: TCP
@@ -7612,8 +6609,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7636,8 +6632,7 @@ Defaults to 3. Minimum value is 1.
 @@ -7646,8 +6641,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -7656,8 +6650,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -7673,16 +6666,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -7691,9 +6675,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -7722,11 +6704,7 @@ Exec specifies the action to take. @@ -7762,11 +6740,8 @@ GRPC specifies an action involving a GRPC port. @@ -7793,17 +6768,14 @@ HTTPGet specifies the http request to perform. @@ -7824,8 +6796,7 @@ Name must be an IANA_SVC_NAME.
 @@ -7852,8 +6823,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7887,9 +6857,7 @@ TCPSocket specifies an action involving a TCP port. @@ -7923,16 +6891,14 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -7944,9 +6910,7 @@ If not specified, it defaults to NotRequired.
-Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. -Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. -If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
 true
@@ -7961,33 +6925,23 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co @@ -8014,9 +6968,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -8028,9 +6980,7 @@ inside a container.
-SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
@@ -8045,63 +6995,42 @@ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-con @@ -8110,23 +7039,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -8135,31 +7055,21 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -8171,9 +7081,7 @@ Note that this field cannot be set when spec.os.name is linux.
-The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 false
@@ -8207,11 +7115,7 @@ Note that this field cannot be set when spec.os.name is windows. -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
@@ -8259,10 +7163,7 @@ Note that this field cannot be set when spec.os.name is windows. -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
@@ -8277,23 +7178,15 @@ Note that this field cannot be set when spec.os.name is windows. @@ -8305,10 +7198,7 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
-The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -8323,9 +7213,7 @@ Note that this field cannot be set when spec.os.name is linux. @@ -8339,20 +7227,14 @@ GMSA credential spec named by the GMSACredentialSpecName field.
 @@ -8364,13 +7246,7 @@ PodSecurityContext, the value specified in SecurityContext takes precedence.
 @@ -8392,8 +7268,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -8416,8 +7291,7 @@ Defaults to 3. Minimum value is 1.
 @@ -8426,8 +7300,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -8436,8 +7309,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -8453,16 +7325,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -8471,9 +7334,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -8502,11 +7363,7 @@ Exec specifies the action to take. @@ -8542,11 +7399,8 @@ GRPC specifies an action involving a GRPC port. @@ -8573,17 +7427,14 @@ HTTPGet specifies the http request to perform. @@ -8604,8 +7455,7 @@ Name must be an IANA_SVC_NAME.
 @@ -8632,8 +7482,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -8667,9 +7516,7 @@ TCPSocket specifies an action involving a TCP port. @@ -8737,8 +7584,7 @@ VolumeMount describes a mounting of a Volume within a container. @@ -8752,36 +7598,28 @@ not contain ':'.
 @@ -8808,25 +7646,14 @@ Actions that the management system should take in response to container lifecycl @@ -8838,10 +7665,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho -PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Path within the container at which the volume should be mounted. Must not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
 false
postStart object - PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -8877,9 +7701,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -8906,11 +7728,7 @@ Exec specifies the action to take. @@ -8937,17 +7755,14 @@ HTTPGet specifies the http request to perform. @@ -8968,8 +7783,7 @@ Name must be an IANA_SVC_NAME.
 @@ -8996,8 +7810,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -9045,9 +7858,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -9062,9 +7873,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -9083,15 +7892,7 @@ Name must be an IANA_SVC_NAME.
-PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -9127,9 +7928,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho @@ -9156,11 +7955,7 @@ Exec specifies the action to take. @@ -9187,17 +7982,14 @@ HTTPGet specifies the http request to perform. @@ -9218,8 +8010,7 @@ Name must be an IANA_SVC_NAME.
 @@ -9246,8 +8037,7 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -9295,9 +8085,7 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Scheme to use for connecting to the host. Defaults to HTTP.
 false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -9312,9 +8100,7 @@ lifecycle hooks will fail in runtime when tcp handler is specified. @@ -9333,8 +8119,7 @@ Name must be an IANA_SVC_NAME.
-Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. -It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline. +Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
port int or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 true
@@ -9349,8 +8134,7 @@ It is only effective when healthcheckextension is configured in the OpenTelemetr @@ -9359,9 +8143,7 @@ Defaults to 3. Minimum value is 1.
 @@ -9370,8 +8152,7 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont @@ -9380,8 +8161,7 @@ Default to 10 seconds. Minimum value is 1.
 @@ -9390,16 +8170,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
 @@ -9408,9 +8179,7 @@ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
 @@ -9466,8 +8235,7 @@ Metrics defines the metrics configuration for operands. @@ -9479,8 +8247,7 @@ The operator.observability.prometheus feature gate must be enabled to use this f -PodDisruptionBudget specifies the pod disruption budget configuration to use -for the AmazonCloudWatchAgent workload. +PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload.
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. -Defaults to 0 seconds. Minimum value is 0. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. Defaults to 0 seconds. Minimum value is 0. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
enableMetrics boolean - EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. -The operator.observability.prometheus feature gate must be enabled to use this feature.
+ EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. The operator.observability.prometheus feature gate must be enabled to use this feature.
 false
@@ -9495,20 +8262,14 @@ for the AmazonCloudWatchAgent workload. @@ -9520,12 +8281,8 @@ evictions by specifying "100%".
-PodSecurityContext configures the pod security context for the -amazon-cloudwatch-agent pod, when running as a deployment, daemonset, -or statefulset. - - -In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. +PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. + In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
maxUnavailable int or string - An eviction is allowed if at most "maxUnavailable" pods selected by -"selector" are unavailable after the eviction, i.e. even in absence of -the evicted pod. For example, one can prevent all voluntary evictions -by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
 false
minAvailable int or string - An eviction is allowed if at least "minAvailable" pods selected by -"selector" will still be available after the eviction, i.e. even in the -absence of the evicted pod. So for example you can prevent all voluntary -evictions by specifying "100%".
+ An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
 false
@@ -9540,18 +8297,9 @@ In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. @@ -9560,25 +8308,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -9587,24 +8324,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -9613,52 +8340,35 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -9670,12 +8380,7 @@ Note that this field cannot be set when spec.os.name is linux.
-The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
fsGroup integer - A special supplemental group that applies to all containers in a pod. -Some volume types allow the Kubelet to change the ownership of that volume -to be owned by the pod: - - -1. The owning GID will be the FSGroup -2. The setgid bit is set (new files created in the volume will be owned by FSGroup) -3. The permission bits are OR'd with rw-rw---- - - -If unset, the Kubelet will not modify the ownership and permissions of any volume. -Note that this field cannot be set when spec.os.name is windows.
+ A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: + 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- + If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

Format: int64
fsGroupChangePolicy string - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume -before being exposed inside Pod. This field will only apply to -volume types which support fsGroup based ownership(and permissions). -It will have no effect on ephemeral volume types such as: secret, configmaps -and emptydir. -Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. -Note that this field cannot be set when spec.os.name is windows.
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
 false
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. -Note that this field cannot be set when spec.os.name is windows.
+ A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
 false
sysctls []object - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported -sysctls (by the container runtime) might fail to launch. -Note that this field cannot be set when spec.os.name is windows.
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 false
@@ -9723,8 +8428,7 @@ Note that this field cannot be set when spec.os.name is windows. -The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
@@ -9739,23 +8443,15 @@ Note that this field cannot be set when spec.os.name is windows. @@ -9801,10 +8497,7 @@ Sysctl defines a kernel parameter to be set -The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -9819,9 +8512,7 @@ Note that this field cannot be set when spec.os.name is linux. @@ -9835,20 +8526,14 @@ GMSA credential spec named by the GMSACredentialSpecName field.
 @@ -9884,50 +8569,24 @@ ServicePort contains information on service's port. @@ -9936,8 +8595,7 @@ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type @@ -9946,14 +8604,7 @@ Default is TCP.
 @@ -9980,33 +8631,23 @@ Resources to set on the OpenTelemetry Collector pods. @@ -10033,9 +8674,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -10047,17 +8686,9 @@ inside a container.
-SecurityContext configures the container security context for -the amazon-cloudwatch-agent container. - - -In deployment, daemonset, or statefulset mode, this controls -the security context settings for the primary application -container. - - -In sidecar mode, this controls the security context for the -injected sidecar container. +SecurityContext configures the container security context for the amazon-cloudwatch-agent container. + In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. + In sidecar mode, this controls the security context for the injected sidecar container.
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
appProtocol string - The application protocol for this port. -This is used as a hint for implementations to offer richer behavior for protocols that they understand. -This field follows standard Kubernetes label syntax. -Valid values are either: - - -* Un-prefixed protocol names - reserved for IANA standard service names (as per -RFC-6335 and https://www.iana.org/assignments/service-names). - - -* Kubernetes-defined prefixed names: - * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - - -* Other protocols should use implementation-defined prefixed names such as -mycompany.com/my-custom-protocol.
+ The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: + * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). + * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. -All ports within a ServiceSpec must have unique names. When considering -the endpoints for a Service, this must match the 'name' field in the -EndpointPort. -Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is -NodePort or LoadBalancer. Usually assigned by the system. If a value is -specified, in-range, and not in use it will be used, otherwise the -operation will fail. If not specified, a port will be allocated if this -Service requires one. If this field is specified when creating a -Service which does not need it, creation will fail. This field will be -wiped when updating a Service to no longer need it (e.g. changing type -from NodePort to ClusterIP). -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". -Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. -Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. -If this is a string, it will be looked up as a named port in the -target Pod's container ports. If this is not specified, the value -of the 'port' field is used (an identity map). -This field is ignored for services with clusterIP=None, and should be -omitted or set equal to the 'port' field. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
@@ -10072,63 +8703,42 @@ injected sidecar container. @@ -10137,23 +8747,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -10162,31 +8763,21 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -10198,9 +8789,7 @@ Note that this field cannot be set when spec.os.name is linux.
-The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 false
@@ -10234,11 +8823,7 @@ Note that this field cannot be set when spec.os.name is windows. -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
@@ -10286,10 +8871,7 @@ Note that this field cannot be set when spec.os.name is windows. -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
@@ -10304,23 +8886,15 @@ Note that this field cannot be set when spec.os.name is windows. @@ -10332,10 +8906,7 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
-The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -10350,9 +8921,7 @@ Note that this field cannot be set when spec.os.name is linux. @@ -10366,32 +8935,26 @@ GMSA credential spec named by the GMSACredentialSpecName field.
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
-### AmazonCloudWatchAgent.spec.targetAllocator +### AmazonCloudWatchAgent.spec.tolerations[index] [↩ Parent](#amazoncloudwatchagentspec) -TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. +The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . @@ -10403,130 +8966,137 @@ TargetAllocator indicates a value which determines whether to spawn a target all - - - - - - - + + - - + + - - + + - - + + - + - - - + +
affinityobject - If specified, indicates the pod's scheduling constraints
- 		false
allocationStrategyenumeffectstring - AllocationStrategy determines which strategy the target allocator should use for allocation. -The current options are least-weighted and consistent-hashing. The default option is least-weighted
-
- Enum: least-weighted, consistent-hashing
+ Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 false
enabledbooleankeystring - Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not.
+ Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 false
env[]objectoperatorstring - ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be -consumed in the config file for the TargetAllocator.
+ Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 false
filterStrategystringtolerationSecondsinteger - FilterStrategy determines how to filter targets before allocating them among the collectors. -The only current option is relabel-config (drops targets based on prom relabel_config). -Filtering is disabled by default.
+ TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
 false
imagevalue string - Image indicates the container image to use for the OpenTelemetry TargetAllocator.
+ Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 false
nodeSelectormap[string]string
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + - + - - + + - + - - + + - + - + - - + + - - + + - - + + - - + +
NameTypeDescriptionRequired
maxSkewinteger - NodeSelector to schedule OpenTelemetry TargetAllocator pods.
+ MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
falsetrue
prometheusCRobjecttopologyKeystring - PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. -All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces.
+ TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
falsetrue
replicasintegerwhenUnsatisfiablestring - Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value -other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy -that can be run in a high availability mode is consistent-hashing.
-
- Format: int32
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
falsetrue
resourceslabelSelector object - Resources to set on the OpenTelemetryTargetAllocator containers.
+ LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
 false
securityContextobjectmatchLabelKeys[]string - SecurityContext configures the container security context for -the targetallocator.
+ MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 false
serviceAccountstringminDomainsinteger - ServiceAccount indicates the name of an existing service account to use with this instance. When set, -the operator will not automatically create a ServiceAccount for the TargetAllocator.
+ MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
 false
tolerations[]objectnodeAffinityPolicystring - Toleration embedded kubernetes pod configuration option, -controls how pods can be scheduled with matching taints
+ NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 false
topologySpreadConstraints[]objectnodeTaintsPolicystring - TopologySpreadConstraints embedded kubernetes pod configuration option, -controls how pods are spread across your cluster among failure-domains -such as regions, zones, nodes, and other user-defined topology domains -https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 false
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity -[↩ Parent](#amazoncloudwatchagentspectargetallocator) +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) -If specified, indicates the pod's scheduling constraints +LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. @@ -10538,36 +9108,29 @@ If specified, indicates the pod's scheduling constraints - - - - - - - + + - - + +
nodeAffinityobject - Describes node affinity scheduling rules for the pod.
- 		false
podAffinityobjectmatchExpressions[]object - Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
 false
podAntiAffinityobjectmatchLabelsmap[string]string - Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) -Describes node affinity scheduling rules for the pod. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. @@ -10579,42 +9142,36 @@ Describes node affinity scheduling rules for the pod. - - + + - + - - + + + + + + +
preferredDuringSchedulingIgnoredDuringExecution[]objectkeystring - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node matches the corresponding matchExpressions; the -node(s) with the highest sum are the most preferred.
+ key is the label key that the selector applies to.
falsetrue
requiredDuringSchedulingIgnoredDuringExecutionobjectoperatorstring + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) +### AmazonCloudWatchAgent.spec.updateStrategy +[↩ Parent](#amazoncloudwatchagentspec) -An empty preferred scheduling term matches all objects with implicit weight 0 -(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode. @@ -10626,31 +9183,29 @@ An empty preferred scheduling term matches all objects with implicit weight 0 - + - + - - + + - +
preferencerollingUpdate object - A node selector term, associated with the corresponding weight.
+ Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345
truefalse
weightintegertypestring - Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
-
- Format: int32
+ Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
truefalse
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) +### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate +[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) -A node selector term, associated with the corresponding weight. +Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345 @@ -10662,30 +9217,29 @@ A node selector term, associated with the corresponding weight. - - + + - - + +
matchExpressions[]objectmaxSurgeint or string - A list of node selector requirements by node's labels.
+ The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.
 false
matchFields[]objectmaxUnavailableint or string - A list of node selector requirements by node's fields.
+ The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
 false
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] +[↩ Parent](#amazoncloudwatchagentspec) -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +PersistentVolumeClaim is a user's request for and claim to a persistent volume @@ -10697,42 +9251,50 @@ that relates the key and values. - + - + - + - + - - + + + + + + + + + + + +
keyapiVersion string - The label key that the selector applies to.
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
truefalse
operatorkind string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
truefalse
values[]stringmetadataobject + Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ 		false
specobject + spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ 		false
statusobject - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
-### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata +[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -10744,2998 +9306,17 @@ that relates the key and values. - - + + - + - - + + - - - - - - - -
keystringannotationsmap[string]string - The label key that the selector applies to.
+
truefalse
operatorstringfinalizers[]string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) - - - -If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
nodeSelectorTerms[]object - Required. A list of node selector terms. The terms are ORed.
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecution) - - - -A null or empty node selector term matches no objects. The requirements of -them are ANDed. -The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - A list of node selector requirements by node's labels.
- 		false
matchFields[]object - A list of node selector requirements by node's fields.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) - - - -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) - - - -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
- 		true
operatorstring - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
- 		true
values[]string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) - - - -Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
- 		false
requiredDuringSchedulingIgnoredDuringExecution[]object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) - - - -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
podAffinityTermobject - Required. A pod affinity term, associated with the corresponding weight.
- 		true
weightinteger - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
-
- Format: int32
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -Required. A pod affinity term, associated with the corresponding weight. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
mismatchLabelKeys[]string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) - - - -Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
mismatchLabelKeys[]string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) - - - -Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object - The scheduler will prefer to schedule pods to nodes that satisfy -the anti-affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
- 		false
requiredDuringSchedulingIgnoredDuringExecution[]object - If the anti-affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the anti-affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) - - - -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
podAffinityTermobject - Required. A pod affinity term, associated with the corresponding weight.
- 		true
weightinteger - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
-
- Format: int32
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -Required. A pod affinity term, associated with the corresponding weight. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
mismatchLabelKeys[]string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) - - - -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) - - - -Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
topologyKeystring - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
- 		true
labelSelectorobject - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
mismatchLabelKeys[]string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
- 		false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
- 		false
namespaces[]string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) - - - -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -EnvVar represents an environment variable present in a Container. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name of the environment variable. Must be a C_IDENTIFIER.
- 		true
valuestring - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
- 		false
valueFromobject - Source for the environment variable's value. Cannot be used if value is not empty.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindex) - - - -Source for the environment variable's value. Cannot be used if value is not empty. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
configMapKeyRefobject - Selects a key of a ConfigMap.
- 		false
fieldRefobject - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- 		false
resourceFieldRefobject - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- 		false
secretKeyRefobject - Selects a key of a secret in the pod's namespace
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.configMapKeyRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a key of a ConfigMap. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The key to select.
- 		true
namestring - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
- 		false
optionalboolean - Specify whether the ConfigMap or its key must be defined
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.fieldRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
fieldPathstring - Path of the field to select in the specified API version.
- 		true
apiVersionstring - Version of the schema the FieldPath is written in terms of, defaults to "v1".
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.resourceFieldRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
resourcestring - Required: resource to select
- 		true
containerNamestring - Container name: required for volumes, optional for env vars
- 		false
divisorint or string - Specifies the output format of the exposed resources, defaults to "1"
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.secretKeyRef -[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) - - - -Selects a key of a secret in the pod's namespace - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - The key of the secret to select from. Must be a valid secret key.
- 		true
namestring - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
- 		false
optionalboolean - Specify whether the Secret or its key must be defined
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.prometheusCR -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. -All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
enabledboolean - Enabled indicates whether to use a PrometheusOperator custom resources as targets or not.
- 		false
podMonitorSelectormap[string]string - PodMonitors to be selected for target discovery. -This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a -PodMonitor's meta labels. The requirements are ANDed.
- 		false
scrapeIntervalstring - Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. - - -Default: "30s"
-
- Format: duration
- Default: 30s
- 		false
serviceMonitorSelectormap[string]string - ServiceMonitors to be selected for target discovery. -This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a -ServiceMonitor's meta labels. The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.resources -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -Resources to set on the OpenTelemetryTargetAllocator containers. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
claims[]object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
- 		false
limitsmap[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- 		false
requestsmap[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.resources.claims[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatorresources) - - - -ResourceClaim references one entry in PodSpec.ResourceClaims. - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -SecurityContext configures the container security context for -the targetallocator. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
fsGroupinteger - A special supplemental group that applies to all containers in a pod. -Some volume types allow the Kubelet to change the ownership of that volume -to be owned by the pod: - - -1. The owning GID will be the FSGroup -2. The setgid bit is set (new files created in the volume will be owned by FSGroup) -3. The permission bits are OR'd with rw-rw---- - - -If unset, the Kubelet will not modify the ownership and permissions of any volume. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
- 		false
fsGroupChangePolicystring - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume -before being exposed inside Pod. This field will only apply to -volume types which support fsGroup based ownership(and permissions). -It will have no effect on ephemeral volume types such as: secret, configmaps -and emptydir. -Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. -Note that this field cannot be set when spec.os.name is windows.
- 		false
runAsGroupinteger - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
- 		false
runAsNonRootboolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
- 		false
runAsUserinteger - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
- 		false
seLinuxOptionsobject - The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows.
- 		false
seccompProfileobject - The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows.
- 		false
supplementalGroups[]integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. -Note that this field cannot be set when spec.os.name is windows.
- 		false
sysctls[]object - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported -sysctls (by the container runtime) might fail to launch. -Note that this field cannot be set when spec.os.name is windows.
- 		false
windowsOptionsobject - The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
levelstring - Level is SELinux level label that applies to the container.
- 		false
rolestring - Role is a SELinux role label that applies to the container.
- 		false
typestring - Type is a SELinux type label that applies to the container.
- 		false
userstring - User is a SELinux user label that applies to the container.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seccompProfile -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
typestring - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
- 		true
localhostProfilestring - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.sysctls[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -Sysctl defines a kernel parameter to be set - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
namestring - Name of a property to set
- 		true
valuestring - Value of a property to set
- 		true
- - -### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.windowsOptions -[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) - - - -The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
gmsaCredentialSpecstring - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
- 		false
gmsaCredentialSpecNamestring - GMSACredentialSpecName is the name of the GMSA credential spec to use.
- 		false
hostProcessboolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
- 		false
runAsUserNamestring - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.tolerations[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- 		false
keystring - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- 		false
operatorstring - Operator represents a key's relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category.
- 		false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
- 		false
valuestring - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocator) - - - -TopologySpreadConstraint specifies how to spread matching pods among the given topology. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
maxSkewinteger - MaxSkew describes the degree to which pods may be unevenly distributed. -When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference -between the number of matching pods in the target topology and the global minimum. -The global minimum is the minimum number of matching pods in an eligible domain -or zero if the number of eligible domains is less than MinDomains. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 2/2/1: -In this case, the global minimum is 1. -| zone1 | zone2 | zone3 | -| P P | P P | P | -- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; -scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) -violate MaxSkew(1). -- if MaxSkew is 2, incoming pod can be scheduled onto any zone. -When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence -to topologies that satisfy it. -It's a required field. Default value is 1 and 0 is not allowed.
-
- Format: int32
- 		true
topologyKeystring - TopologyKey is the key of node labels. Nodes that have a label with this key -and identical values are considered to be in the same topology. -We consider each as a "bucket", and try to put balanced number -of pods into each bucket. -We define a domain as a particular instance of a topology. -Also, we define an eligible domain as a domain whose nodes meet the requirements of -nodeAffinityPolicy and nodeTaintsPolicy. -e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. -And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. -It's a required field.
- 		true
whenUnsatisfiablestring - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy -the spread constraint. -- DoNotSchedule (default) tells the scheduler not to schedule it. -- ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. -A constraint is considered "Unsatisfiable" for an incoming pod -if and only if every possible node assignment for that pod would violate -"MaxSkew" on some topology. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 3/1/1: -| zone1 | zone2 | zone3 | -| P P P | P | P | -If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled -to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies -MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler -won't make it *more* imbalanced. -It's a required field.
- 		true
labelSelectorobject - LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select the pods over which -spreading will be calculated. The keys are used to lookup values from the -incoming pod labels, those key-value labels are ANDed with labelSelector -to select the group of existing pods over which spreading will be calculated -for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -MatchLabelKeys cannot be set when LabelSelector isn't set. -Keys that don't exist in the incoming pod labels will -be ignored. A null or empty list means only match against labelSelector. - - -This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- 		false
minDomainsinteger - MinDomains indicates a minimum number of eligible domains. -When the number of eligible domains with matching topology keys is less than minDomains, -Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. -And when the number of eligible domains with matching topology keys equals or greater than minDomains, -this value has no effect on scheduling. -As a result, when the number of eligible domains is less than minDomains, -scheduler won't schedule more than maxSkew Pods to those domains. -If value is nil, the constraint behaves as if MinDomains is equal to 1. -Valid values are integers greater than 0. -When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - -For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same -labelSelector spread as 2/2/2: -| zone1 | zone2 | zone3 | -| P P | P P | P P | -The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. -In this situation, new pod with the same labelSelector cannot be scheduled, -because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
- Format: int32
- 		false
nodeAffinityPolicystring - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector -when calculating pod topology spread skew. Options are: -- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. -- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - -If this value is nil, the behavior is equivalent to the Honor policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- 		false
nodeTaintsPolicystring - NodeTaintsPolicy indicates how we will treat node taints when calculating -pod topology spread skew. Options are: -- Honor: nodes without taints, along with tainted nodes for which the incoming pod -has a toleration, are included. -- Ignore: node taints are ignored. All nodes are included. - - -If this value is nil, the behavior is equivalent to the Ignore policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindex) - - - -LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.tolerations[index] -[↩ Parent](#amazoncloudwatchagentspec) - - - -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- 		false
keystring - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- 		false
operatorstring - Operator represents a key's relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category.
- 		false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
- 		false
valuestring - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
- 		false
- - -### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] -[↩ Parent](#amazoncloudwatchagentspec) - - - -TopologySpreadConstraint specifies how to spread matching pods among the given topology. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
maxSkewinteger - MaxSkew describes the degree to which pods may be unevenly distributed. -When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference -between the number of matching pods in the target topology and the global minimum. -The global minimum is the minimum number of matching pods in an eligible domain -or zero if the number of eligible domains is less than MinDomains. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 2/2/1: -In this case, the global minimum is 1. -| zone1 | zone2 | zone3 | -| P P | P P | P | -- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; -scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) -violate MaxSkew(1). -- if MaxSkew is 2, incoming pod can be scheduled onto any zone. -When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence -to topologies that satisfy it. -It's a required field. Default value is 1 and 0 is not allowed.
-
- Format: int32
- 		true
topologyKeystring - TopologyKey is the key of node labels. Nodes that have a label with this key -and identical values are considered to be in the same topology. -We consider each as a "bucket", and try to put balanced number -of pods into each bucket. -We define a domain as a particular instance of a topology. -Also, we define an eligible domain as a domain whose nodes meet the requirements of -nodeAffinityPolicy and nodeTaintsPolicy. -e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. -And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. -It's a required field.
- 		true
whenUnsatisfiablestring - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy -the spread constraint. -- DoNotSchedule (default) tells the scheduler not to schedule it. -- ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. -A constraint is considered "Unsatisfiable" for an incoming pod -if and only if every possible node assignment for that pod would violate -"MaxSkew" on some topology. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 3/1/1: -| zone1 | zone2 | zone3 | -| P P P | P | P | -If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled -to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies -MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler -won't make it *more* imbalanced. -It's a required field.
- 		true
labelSelectorobject - LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain.
- 		false
matchLabelKeys[]string - MatchLabelKeys is a set of pod label keys to select the pods over which -spreading will be calculated. The keys are used to lookup values from the -incoming pod labels, those key-value labels are ANDed with labelSelector -to select the group of existing pods over which spreading will be calculated -for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -MatchLabelKeys cannot be set when LabelSelector isn't set. -Keys that don't exist in the incoming pod labels will -be ignored. A null or empty list means only match against labelSelector. - - -This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
- 		false
minDomainsinteger - MinDomains indicates a minimum number of eligible domains. -When the number of eligible domains with matching topology keys is less than minDomains, -Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. -And when the number of eligible domains with matching topology keys equals or greater than minDomains, -this value has no effect on scheduling. -As a result, when the number of eligible domains is less than minDomains, -scheduler won't schedule more than maxSkew Pods to those domains. -If value is nil, the constraint behaves as if MinDomains is equal to 1. -Valid values are integers greater than 0. -When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - -For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same -labelSelector spread as 2/2/2: -| zone1 | zone2 | zone3 | -| P P | P P | P P | -The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. -In this situation, new pod with the same labelSelector cannot be scheduled, -because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
- Format: int32
- 		false
nodeAffinityPolicystring - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector -when calculating pod topology spread skew. Options are: -- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. -- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - -If this value is nil, the behavior is equivalent to the Honor policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- 		false
nodeTaintsPolicystring - NodeTaintsPolicy indicates how we will treat node taints when calculating -pod topology spread skew. Options are: -- Honor: nodes without taints, along with tainted nodes for which the incoming pod -has a toleration, are included. -- Ignore: node taints are ignored. All nodes are included. - - -If this value is nil, the behavior is equivalent to the Ignore policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
- 		false
- - -### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) - - - -LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
- 		false
matchLabelsmap[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
- 		false
- - -### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) - - - -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
keystring - key is the label key that the selector applies to.
- 		true
operatorstring - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
- 		true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
- 		false
- - -### AmazonCloudWatchAgent.spec.updateStrategy -[↩ Parent](#amazoncloudwatchagentspec) - - - -UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods -https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec -This is only applicable to Daemonset mode. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
rollingUpdateobject - Rolling update config params. Present only if type = "RollingUpdate". ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be. Same as Deployment `strategy.rollingUpdate`. -See https://github.com/kubernetes/kubernetes/issues/35345
- 		false
typestring - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
- 		false
- - -### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate -[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) - - - -Rolling update config params. Present only if type = "RollingUpdate". ---- -TODO: Update this to follow our convention for oneOf, whatever we decide it -to be. Same as Deployment `strategy.rollingUpdate`. -See https://github.com/kubernetes/kubernetes/issues/35345 - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
maxSurgeint or string - The maximum number of nodes with an existing available DaemonSet pod that -can have an updated DaemonSet pod during during an update. -Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). -This can not be 0 if MaxUnavailable is 0. -Absolute number is calculated from percentage by rounding up to a minimum of 1. -Default value is 0. -Example: when this is set to 30%, at most 30% of the total number of nodes -that should be running the daemon pod (i.e. status.desiredNumberScheduled) -can have their a new pod created before the old pod is marked as deleted. -The update starts by launching new pods on 30% of nodes. Once an updated -pod is available (Ready for at least minReadySeconds) the old DaemonSet pod -on that node is marked deleted. If the old pod becomes unavailable for any -reason (Ready transitions to false, is evicted, or is drained) an updated -pod is immediatedly created on that node without considering surge limits. -Allowing surge implies the possibility that the resources consumed by the -daemonset on any given node can double if the readiness check fails, and -so resource intensive daemonsets should take into account that they may -cause evictions during disruption.
- 		false
maxUnavailableint or string - The maximum number of DaemonSet pods that can be unavailable during the -update. Value can be an absolute number (ex: 5) or a percentage of total -number of DaemonSet pods at the start of the update (ex: 10%). Absolute -number is calculated from percentage by rounding up. -This cannot be 0 if MaxSurge is 0 -Default value is 1. -Example: when this is set to 30%, at most 30% of the total number of nodes -that should be running the daemon pod (i.e. status.desiredNumberScheduled) -can have their pods stopped for an update at any given time. The update -starts by stopping at most 30% of those DaemonSet pods and then brings -up new DaemonSet pods in their place. Once the new pods are available, -it then proceeds onto other DaemonSet pods, thus ensuring that at least -70% of original number of DaemonSet pods are available at all times during -the update.
- 		false
- - -### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] -[↩ Parent](#amazoncloudwatchagentspec) - - - -PersistentVolumeClaim is a user's request for and claim to a persistent volume - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstring - APIVersion defines the versioned schema of this representation of an object. -Servers should convert recognized schemas to the latest internal value, and -may reject unrecognized values. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- 		false
kindstring - Kind is a string value representing the REST resource this object represents. -Servers may infer this from the endpoint the client submits requests to. -Cannot be updated. -In CamelCase. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- 		false
metadataobject - Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- 		false
specobject - spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- 		false
statusobject - status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- 		false
- - -### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata -[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) - - - -Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - - - - - - - - - - - - - - - - - - - @@ -13768,8 +9349,7 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- -spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
NameTypeDescriptionRequired
annotationsmap[string]string -
- 		false
finalizers[]string -
+
false
@@ -13784,62 +9364,28 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -13853,34 +9399,21 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -13899,14 +9432,7 @@ Value of Filesystem is implied when not included in claim spec.
-dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. -If specified, the CSI driver will create or update the volume with the attributes defined -in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. -If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be -set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource -exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 false
@@ -13935,9 +9461,7 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour @@ -13949,29 +9473,7 @@ For any other third-party types, APIGroup is required.
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
@@ -14000,18 +9502,14 @@ There are three important differences between dataSource and dataSourceRef: @@ -14023,11 +9521,7 @@ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGr -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -14042,18 +9536,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -14087,9 +9577,7 @@ selector is a label query over volumes to consider for binding. @@ -14101,8 +9589,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14124,18 +9611,14 @@ relates the key and values. @@ -14147,9 +9630,7 @@ merge patch.
-status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -14164,83 +9645,27 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -14254,26 +9679,21 @@ This is an alpha field and requires enabling RecoverVolumeExpansionFailure featu @@ -14346,9 +9766,7 @@ PersistentVolumeClaimCondition contains details about state of pvc @@ -14360,9 +9778,7 @@ persistent volume is being resized.
-ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. -When this is unset, there is no ModifyVolume operation being attempted. -This is an alpha field and requires enabling VolumeAttributesClass feature. +ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature.
accessModes []string - accessModes contains the actual access modes the volume backing the PVC has. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
allocatedResourceStatuses map[string]string - allocatedResourceStatuses stores status of resource being resized for the given PVC. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. - - -ClaimResourceStatus can be in any of following states: - - ControllerResizeInProgress: - State set when resize controller starts resizing the volume in control-plane. - - ControllerResizeFailed: - State set when resize has failed in resize controller with a terminal error. - - NodeResizePending: - State set when resize controller has finished resizing the volume but further resizing of - volume is needed on the node. - - NodeResizeInProgress: - State set when kubelet starts resizing the volume. - - NodeResizeFailed: - State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - NodeResizeFailed. -For example: if expanding a PVC for more capacity - this field can be one of the following states: - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" -When this field is not set, it means that no resize operation is in progress for the given PVC. - - -A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus -should ignore the update for the purpose it was designed. For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. - - -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. + ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. + A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. + This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
allocatedResources map[string]int or string - allocatedResources tracks the resources allocated to a PVC including its capacity. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. - - -Capacity reported here may be larger than the actual capacity when a volume expansion operation -is requested. -For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. -If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. -If a volume expansion capacity request is lowered, allocatedResources is only -lowered if there are no expansion operations in progress and if the actual volume capacity -is equal or lower than the requested capacity. - - -A controller that receives PVC update with previously unknown resourceName -should ignore the update for the purpose it was designed. For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. - - -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. + Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. + A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. + This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
conditions []object - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being -resized then the Condition will be set to 'ResizeStarted'.
+ conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
 false
currentVolumeAttributesClassName string - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. -When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim -This is an alpha field and requires enabling VolumeAttributesClass feature.
+ currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
modifyVolumeStatus object - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. -When this is unset, there is no ModifyVolume operation being attempted. -This is an alpha field and requires enabling VolumeAttributesClass feature.
+ ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
reason string - reason is a unique, this should be a short, machine understandable string that gives the reason -for condition's last transition. If it reports "ResizeStarted" that means the underlying -persistent volume is being resized.
+ reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
 false
@@ -14377,16 +9793,7 @@ This is an alpha field and requires enabling VolumeAttributesClass feature. @@ -14420,8 +9827,7 @@ VolumeMount describes a mounting of a Volume within a container. @@ -14435,36 +9841,28 @@ not contain ':'.
@@ -14491,18 +9889,14 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -14530,8 +9924,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -14559,42 +9952,18 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
@@ -14608,8 +9977,7 @@ persistent volumes at the same time.
@@ -14623,67 +9991,49 @@ provisioned/attached using an exec based plugin.
@@ -14718,8 +10068,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -14733,8 +10082,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -14760,9 +10108,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
status string - status is the status of the ControllerModifyVolume operation. It can be in any of following states: - - Pending - Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as - the specified VolumeAttributesClass not existing. - - InProgress - InProgress indicates that the volume is being modified. - - Infeasible - Infeasible indicates that the request has been rejected as invalid by the CSI driver. To - resolve the error, a valid VolumeAttributesClass needs to be specified. -Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+ status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
 true
mountPath string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Path within the container at which the volume should be mounted. Must not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container.
+ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -14777,29 +10123,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -14808,8 +10146,7 @@ Similarly, the volume partition for /dev/sda is "0" (or you can leave the proper @@ -14857,9 +10194,7 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -14873,8 +10208,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -14915,8 +10249,7 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -14943,8 +10276,7 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -14958,33 +10290,28 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
@@ -14996,8 +10323,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -15012,9 +10338,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -15026,8 +10350,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -15042,35 +10365,28 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -15082,8 +10398,7 @@ to OpenStack.
-secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
 false
@@ -15098,9 +10413,7 @@ to OpenStack. @@ -15127,13 +10440,7 @@ configMap represents a configMap that should populate this volume @@ -15142,22 +10449,14 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -15198,22 +10497,14 @@ Maps a string key to a path within a volume. @@ -15242,44 +10533,35 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -15291,11 +10573,7 @@ driver. Consult your driver's documentation for supported values.
-nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. -Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". -If not provided, the empty value is passed to the associated CSI driver -which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. -Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI -driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 false
@@ -15310,9 +10588,7 @@ secret object contains more than one secret, all secret references are passed. @@ -15339,14 +10615,7 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -15396,12 +10665,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15410,8 +10674,7 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -15457,8 +10720,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a -Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -15499,8 +10761,7 @@ Selects a resource of the container: only resources limits and requests -emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -15515,22 +10776,14 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -15542,34 +10795,11 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. -The default is "" which means to use the node's default medium. -Must be an empty string (default) or Memory. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. -The size limit is also applicable for memory medium. -The maximum usage on memory medium EmptyDir would be the minimum value between -the SizeLimit specified here and the sum of memory limits of all containers in a pod. -The default is nil which means that the limit is undefined. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -15584,30 +10814,10 @@ persistent volumes at the same time. @@ -15619,30 +10829,10 @@ Required, must not be nil.
-Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
 false
@@ -15657,19 +10847,14 @@ Required, must not be nil. @@ -15681,10 +10866,7 @@ validation.
-The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here. +The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation.
+ May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
 false
@@ -15699,62 +10881,28 @@ are also valid here. @@ -15768,34 +10916,21 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -15814,14 +10949,7 @@ Value of Filesystem is implied when not included in claim spec.
-dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. -If specified, the CSI driver will create or update the volume with the attributes defined -in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. -If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be -set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource -exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 false
@@ -15850,9 +10978,7 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour @@ -15864,29 +10990,7 @@ For any other third-party types, APIGroup is required.
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
@@ -15915,18 +11019,14 @@ There are three important differences between dataSource and dataSourceRef: @@ -15938,11 +11038,7 @@ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGr -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -15957,18 +11053,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -16002,9 +11094,7 @@ selector is a label query over volumes to consider for binding. @@ -16016,8 +11106,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -16039,18 +11128,14 @@ relates the key and values. @@ -16062,9 +11147,7 @@ merge patch.
-May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation. +May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -16134,10 +11217,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16153,8 +11233,7 @@ TODO: how do we prevent errors in the filesystem from compromising the machinereadOnly @@ -16168,8 +11247,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -16181,8 +11259,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu -flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
 false
boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) -Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -16204,9 +11281,7 @@ provisioned/attached using an exec based plugin. @@ -16220,19 +11295,14 @@ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.< @@ -16244,11 +11314,7 @@ scripts.
-secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts. +secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
 false
@@ -16263,9 +11329,7 @@ scripts. @@ -16292,8 +11356,7 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -16312,9 +11375,7 @@ should be considered as deprecated
-gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker -should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
 false
@@ -16329,30 +11390,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -16361,9 +11413,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -16375,10 +11425,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container. +gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -16400,10 +11447,7 @@ into the Pod's container. @@ -16422,8 +11466,7 @@ the subdirectory with the given name.
-glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. -Must not contain or start with '..'. If '.' is supplied, the volume directory will be the -git repository. Otherwise, if specified, the volume will contain the git repository in -the subdirectory with the given name.
+ directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
 false
@@ -16438,25 +11481,21 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -16468,14 +11507,7 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. -Defaults to false. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -16490,18 +11522,14 @@ mount host directories as read/write. @@ -16513,9 +11541,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. -If the path is a symlink, it will follow the link to the real path. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume -Defaults to "" -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -16546,8 +11572,7 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -16568,44 +11593,35 @@ is other than default (typically TCP ports 860 and 3260).
 @@ -16639,9 +11655,7 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -16653,8 +11667,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. -If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface -: will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. -Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -16669,25 +11682,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -16699,9 +11708,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -16716,16 +11723,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -16759,9 +11764,7 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -16795,17 +11798,14 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -16832,12 +11832,7 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -16871,24 +11866,12 @@ Projection that may be projected along with other supported volume types - - + @@ -16928,22 +11911,10 @@ may change the order over time.
-ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. -Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
 false
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundleobject - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time.
+ 		object + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
 false
@@ -16965,38 +11936,28 @@ may change the order over time. @@ -17008,10 +11969,7 @@ ClusterTrustBundles will be unified and deduplicated.
-Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything". +Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything".
+ Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive -with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) -aren't available. If using name, then the named ClusterTrustBundle is -allowed not to exist. If using signerName, then the combination of -signerName and labelSelector is allowed to match zero -ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. -Mutually-exclusive with name. The contents of all selected -ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
 false
@@ -17033,9 +11991,7 @@ everything". @@ -17047,8 +12003,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -17070,18 +12025,14 @@ relates the key and values. @@ -17108,22 +12059,14 @@ configMap information about the configMap data to project @@ -17164,22 +12107,14 @@ Maps a string key to a path within a volume. @@ -17249,12 +12184,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17263,8 +12193,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -17310,8 +12239,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -17367,22 +12295,14 @@ secret information about the secret data to project @@ -17423,22 +12343,14 @@ Maps a string key to a path within a volume. @@ -17467,30 +12379,21 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -17519,9 +12422,7 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -17535,32 +12436,28 @@ which acts as the central registry for volumes
 @@ -17572,8 +12469,7 @@ Defaults to serivceaccount user
-rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the -token into.
+ path is the path relative to the mount point of the file to project the token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token -must identify itself with an identifier specified in the audience of the -token, and otherwise should reject the token. The audience defaults to the -identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service -account token. As the token approaches expiration, the kubelet volume -plugin will proactively rotate the service account token. The kubelet will -start trying to rotate the token if the token is older than 80 percent of -its time to live or if the token is older than 24 hours.Defaults to 1 hour -and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services -specified as a string as host:port pair (multiple entries are separated with commas) -which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
 true
group string - group to map volume access to -Default is no group
+ group to map volume access to Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. -Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend -Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to -Defaults to serivceaccount user
+ user to map volume access to Defaults to serivceaccount user
 false
@@ -17588,73 +12484,56 @@ More info: https://examples.k8s.io/volumes/rbd/README.md @@ -17666,10 +12545,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. -Default is /etc/ceph/keyring. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. -Default is rbd. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. -Default is admin. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -17684,9 +12560,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -17720,8 +12594,7 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17735,10 +12608,7 @@ sensitive information. If this is not provided, Login operation will fail.
 @@ -17752,8 +12622,7 @@ Default is "xfs".
 @@ -17767,8 +12636,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -17782,8 +12650,7 @@ Default is ThinProvisioned.
 @@ -17795,8 +12662,7 @@ that is associated with this volume source.
-secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". -Default is "xfs".
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. -Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system -that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
 false
@@ -17811,9 +12677,7 @@ sensitive information. If this is not provided, Login operation will fail. @@ -17825,8 +12689,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -17841,13 +12704,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -17856,13 +12713,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -17876,8 +12727,7 @@ relative and may not contain the '..' path or start with '..'.
 @@ -17911,22 +12761,14 @@ Maps a string key to a path within a volume. @@ -17955,45 +12797,35 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -18005,8 +12837,7 @@ Namespaces that do not pre-exist within StorageOS will be created.
-secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values -for mode bits. Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume -names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no -namespace is specified then the Pod's namespace will be used. This allows the -Kubernetes name scoping to be mirrored within StorageOS for tighter integration. -Set VolumeName to any name to override the default behaviour. -Set to "default" if you are not using namespaces within StorageOS. -Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -18021,9 +12852,7 @@ credentials. If not specified, default values will be attempted. @@ -18057,9 +12886,7 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -18107,16 +12934,14 @@ AmazonCloudWatchAgentStatus defines the observed state of AmazonCloudWatchAgent. @@ -18159,8 +12984,7 @@ Scale is the AmazonCloudWatchAgent's scale subresource status. @@ -18169,17 +12993,14 @@ AmazonCloudWatchAgent's deployment or statefulSet.
 @@ -18273,8 +13094,7 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -18295,17 +13115,14 @@ consumed in the config file for the Collector.
 @@ -18319,8 +13136,7 @@ used to open additional ports that can't be inferred by the operator, like for c @@ -18330,14 +13146,6 @@ the operator will not automatically create a ServiceAccount for the collector. - - - - - @@ -18417,26 +13225,14 @@ Describes node affinity scheduling rules for the pod. @@ -18448,8 +13244,7 @@ may or may not try to eventually evict the pod from its node.
-An empty preferred scheduling term matches all objects with implicit weight 0 -(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. -Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. -Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this -AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's -deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / -Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). -Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
 false
env []object - ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be -consumed in the config file for the Collector.
+ ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule DCGM Exporter pods. -This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule DCGM Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator -will attempt to infer the required ports by parsing the .Spec.Config property but this property can be -used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, -the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
 false
false
tolerations[]object - Toleration to schedule DCGM Exporter pods. -This is only relevant to daemonset, statefulset, and deployment mode
- 		false
volumeMounts []objectpreferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node matches the corresponding matchExpressions; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
 false
@@ -18519,8 +13314,7 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -18542,19 +13336,14 @@ that relates the key and values. @@ -18566,8 +13355,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -18589,19 +13377,14 @@ that relates the key and values. @@ -18613,11 +13396,7 @@ This array is replaced during a strategic merge patch.
-If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -18644,9 +13423,7 @@ may or may not try to eventually evict the pod from its node. -A null or empty node selector term matches no objects. The requirements of -them are ANDed. -The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -18680,8 +13457,7 @@ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -18703,19 +13479,14 @@ that relates the key and values. @@ -18727,8 +13498,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -18750,19 +13520,14 @@ that relates the key and values. @@ -18789,28 +13554,14 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -18844,8 +13595,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -18874,70 +13624,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -18949,8 +13671,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -18972,9 +13693,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -18986,8 +13705,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19009,18 +13727,14 @@ relates the key and values. @@ -19032,11 +13746,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19058,9 +13768,7 @@ An empty selector ({}) matches all namespaces. @@ -19072,8 +13780,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19095,18 +13802,14 @@ relates the key and values. @@ -19118,12 +13821,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19138,70 +13836,42 @@ a pod of the set of pods is running @@ -19213,8 +13883,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -19236,9 +13905,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -19250,8 +13917,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19273,18 +13939,14 @@ relates the key and values. @@ -19296,11 +13958,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19322,9 +13980,7 @@ An empty selector ({}) matches all namespaces. @@ -19336,8 +13992,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19359,18 +14014,14 @@ relates the key and values. @@ -19397,28 +14048,14 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -19452,8 +14089,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -19482,70 +14118,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -19557,8 +14165,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the anti-affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the anti-affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -19580,9 +14187,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -19594,8 +14199,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19617,18 +14221,14 @@ relates the key and values. @@ -19640,11 +14240,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19666,9 +14262,7 @@ An empty selector ({}) matches all namespaces. @@ -19680,8 +14274,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19703,18 +14296,14 @@ relates the key and values. @@ -19726,12 +14315,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19746,70 +14330,42 @@ a pod of the set of pods is running @@ -19821,8 +14377,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -19844,9 +14399,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -19858,8 +14411,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19881,18 +14433,14 @@ relates the key and values. @@ -19904,11 +14452,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -19930,9 +14474,7 @@ An empty selector ({}) matches all namespaces. @@ -19944,8 +14486,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -19967,18 +14508,14 @@ relates the key and values. @@ -20012,15 +14549,7 @@ EnvVar represents an environment variable present in a Container. @@ -20061,16 +14590,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20111,9 +14638,7 @@ Selects a key of a ConfigMap. @@ -20132,8 +14657,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20167,8 +14691,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20231,9 +14754,7 @@ Selects a key of a secret in the pod's namespace @@ -20276,50 +14797,24 @@ ServicePort contains information on service's port. @@ -20328,8 +14823,7 @@ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type @@ -20338,14 +14832,7 @@ Default is TCP.
 @@ -20372,33 +14859,23 @@ Resources to set on the DCGM Exporter pods. @@ -20425,82 +14902,13 @@ ResourceClaim references one entry in PodSpec.ResourceClaims.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. -This is used as a hint for implementations to offer richer behavior for protocols that they understand. -This field follows standard Kubernetes label syntax. -Valid values are either: - - -* Un-prefixed protocol names - reserved for IANA standard service names (as per -RFC-6335 and https://www.iana.org/assignments/service-names). - - -* Kubernetes-defined prefixed names: - * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - - -* Other protocols should use implementation-defined prefixed names such as -mycompany.com/my-custom-protocol.
+ The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: + * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). + * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. -All ports within a ServiceSpec must have unique names. When considering -the endpoints for a Service, this must match the 'name' field in the -EndpointPort. -Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is -NodePort or LoadBalancer. Usually assigned by the system. If a value is -specified, in-range, and not in use it will be used, otherwise the -operation will fail. If not specified, a port will be allocated if this -Service requires one. If this field is specified when creating a -Service which does not need it, creation will fail. This field will be -wiped when updating a Service to no longer need it (e.g. changing type -from NodePort to ClusterIP). -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". -Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. -Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. -If this is a string, it will be looked up as a named port in the -target Pod's container ports. If this is not specified, the value -of the 'port' field is used (an identity map). -This field is ignored for services with clusterIP=None, and should be -omitted or set equal to the 'port' field. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
-### DcgmExporter.spec.tolerations[index] -[↩ Parent](#dcgmexporterspec) - - - -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- 		false
keystring - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- 		false
operatorstring - Operator represents a key's relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category.
- 		false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
- 		false
valuestring - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
- 		false
- - ### DcgmExporter.spec.volumeMounts[index] [↩ Parent](#dcgmexporterspec) @@ -20521,8 +14929,7 @@ VolumeMount describes a mounting of a Volume within a container. mountPath string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Path within the container at which the volume should be mounted. Must not contain ':'.
true @@ -20536,36 +14943,28 @@ not contain ':'.
mountPropagation string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
false readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
false subPath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
false subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
false @@ -20592,18 +14991,14 @@ Volume represents a named volume in a pod that may be accessed by any container name string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
true awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -20631,8 +15026,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false @@ -20660,42 +15054,18 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
false @@ -20709,8 +15079,7 @@ persistent volumes at the same time.
flexVolume object - flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
false @@ -20724,67 +15093,49 @@ provisioned/attached using an exec based plugin.
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false gitRepo object - gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container.
+ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
false glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
false hostPath object - hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
false iscsi object - iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
false nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false @@ -20819,8 +15170,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
false @@ -20834,8 +15184,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
secret object - secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false @@ -20861,9 +15210,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -20878,29 +15225,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -20909,8 +15248,7 @@ Similarly, the volume partition for /dev/sda is "0" (or you can leave the proper @@ -20958,9 +15296,7 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -20974,8 +15310,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -21016,8 +15351,7 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -21044,8 +15378,7 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -21059,33 +15392,28 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
@@ -21097,8 +15425,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -21113,9 +15440,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -21127,8 +15452,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -21143,35 +15467,28 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -21183,8 +15500,7 @@ to OpenStack.
-secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
 false
@@ -21199,9 +15515,7 @@ to OpenStack. @@ -21228,13 +15542,7 @@ configMap represents a configMap that should populate this volume @@ -21243,22 +15551,14 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -21299,22 +15599,14 @@ Maps a string key to a path within a volume. @@ -21343,44 +15635,35 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -21392,11 +15675,7 @@ driver. Consult your driver's documentation for supported values.
-nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. -Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". -If not provided, the empty value is passed to the associated CSI driver -which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. -Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI -driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 false
@@ -21411,9 +15690,7 @@ secret object contains more than one secret, all secret references are passed. @@ -21440,14 +15717,7 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -21497,12 +15767,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -21511,8 +15776,7 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -21558,8 +15822,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a -Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -21600,8 +15863,7 @@ Selects a resource of the container: only resources limits and requests -emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -21616,22 +15878,14 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -21643,34 +15897,11 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. -The default is "" which means to use the node's default medium. -Must be an empty string (default) or Memory. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. -The size limit is also applicable for memory medium. -The maximum usage on memory medium EmptyDir would be the minimum value between -the SizeLimit specified here and the sum of memory limits of all containers in a pod. -The default is nil which means that the limit is undefined. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -21685,30 +15916,10 @@ persistent volumes at the same time. @@ -21720,30 +15931,10 @@ Required, must not be nil.
-Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
 false
@@ -21758,19 +15949,14 @@ Required, must not be nil. @@ -21782,10 +15968,7 @@ validation.
-The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here. +The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation.
+ May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
 false
@@ -21800,62 +15983,28 @@ are also valid here. @@ -21869,34 +16018,21 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -21915,14 +16051,7 @@ Value of Filesystem is implied when not included in claim spec.
-dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. -If specified, the CSI driver will create or update the volume with the attributes defined -in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. -If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be -set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource -exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 false
@@ -21951,9 +16080,7 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour @@ -21965,29 +16092,7 @@ For any other third-party types, APIGroup is required.
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
@@ -22016,18 +16121,14 @@ There are three important differences between dataSource and dataSourceRef: @@ -22039,11 +16140,7 @@ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGr -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -22058,18 +16155,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -22103,9 +16196,7 @@ selector is a label query over volumes to consider for binding. @@ -22117,8 +16208,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22140,18 +16230,14 @@ relates the key and values. @@ -22163,9 +16249,7 @@ merge patch.
-May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation. +May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -22235,10 +16319,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -22254,8 +16335,7 @@ TODO: how do we prevent errors in the filesystem from compromising the machinereadOnly @@ -22269,8 +16349,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -22282,8 +16361,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu -flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
 false
boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) -Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -22305,9 +16383,7 @@ provisioned/attached using an exec based plugin. @@ -22321,19 +16397,14 @@ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.< @@ -22345,11 +16416,7 @@ scripts.
-secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts. +secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
 false
@@ -22364,9 +16431,7 @@ scripts. @@ -22393,8 +16458,7 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -22413,9 +16477,7 @@ should be considered as deprecated
-gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker -should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
 false
@@ -22430,30 +16492,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -22462,9 +16515,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -22476,10 +16527,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container. +gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -22501,10 +16549,7 @@ into the Pod's container. @@ -22523,8 +16568,7 @@ the subdirectory with the given name.
-glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. -Must not contain or start with '..'. If '.' is supplied, the volume directory will be the -git repository. Otherwise, if specified, the volume will contain the git repository in -the subdirectory with the given name.
+ directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
 false
@@ -22539,25 +16583,21 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -22569,14 +16609,7 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. -Defaults to false. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -22591,18 +16624,14 @@ mount host directories as read/write. @@ -22614,9 +16643,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. -If the path is a symlink, it will follow the link to the real path. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume -Defaults to "" -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -22647,8 +16674,7 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -22669,44 +16695,35 @@ is other than default (typically TCP ports 860 and 3260).
 @@ -22740,9 +16757,7 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -22754,8 +16769,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. -If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface -: will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. -Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -22770,25 +16784,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -22800,9 +16810,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -22817,16 +16825,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -22860,9 +16866,7 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -22896,17 +16900,14 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -22933,12 +16934,7 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -22974,22 +16970,10 @@ Projection that may be projected along with other supported volume types @@ -23029,22 +17013,10 @@ may change the order over time.
-ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. -Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
 false
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
 false
@@ -23066,38 +17038,28 @@ may change the order over time. @@ -23109,10 +17071,7 @@ ClusterTrustBundles will be unified and deduplicated.
-Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything". +Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything".
+ Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive -with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) -aren't available. If using name, then the named ClusterTrustBundle is -allowed not to exist. If using signerName, then the combination of -signerName and labelSelector is allowed to match zero -ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. -Mutually-exclusive with name. The contents of all selected -ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
 false
@@ -23134,9 +17093,7 @@ everything". @@ -23148,8 +17105,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -23171,18 +17127,14 @@ relates the key and values. @@ -23209,22 +17161,14 @@ configMap information about the configMap data to project @@ -23265,22 +17209,14 @@ Maps a string key to a path within a volume. @@ -23350,12 +17286,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -23364,8 +17295,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -23411,8 +17341,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -23468,22 +17397,14 @@ secret information about the secret data to project @@ -23524,22 +17445,14 @@ Maps a string key to a path within a volume. @@ -23568,30 +17481,21 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -23620,9 +17524,7 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -23636,32 +17538,28 @@ which acts as the central registry for volumes
 @@ -23673,8 +17571,7 @@ Defaults to serivceaccount user
-rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the -token into.
+ path is the path relative to the mount point of the file to project the token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token -must identify itself with an identifier specified in the audience of the -token, and otherwise should reject the token. The audience defaults to the -identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service -account token. As the token approaches expiration, the kubelet volume -plugin will proactively rotate the service account token. The kubelet will -start trying to rotate the token if the token is older than 80 percent of -its time to live or if the token is older than 24 hours.Defaults to 1 hour -and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services -specified as a string as host:port pair (multiple entries are separated with commas) -which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
 true
group string - group to map volume access to -Default is no group
+ group to map volume access to Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. -Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend -Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to -Defaults to serivceaccount user
+ user to map volume access to Defaults to serivceaccount user
 false
@@ -23689,73 +17586,56 @@ More info: https://examples.k8s.io/volumes/rbd/README.md @@ -23767,10 +17647,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. -Default is /etc/ceph/keyring. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. -Default is rbd. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. -Default is admin. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -23785,9 +17662,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -23821,8 +17696,7 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -23836,10 +17710,7 @@ sensitive information. If this is not provided, Login operation will fail.
 @@ -23853,8 +17724,7 @@ Default is "xfs".
 @@ -23868,8 +17738,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -23883,8 +17752,7 @@ Default is ThinProvisioned.
 @@ -23896,8 +17764,7 @@ that is associated with this volume source.
-secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". -Default is "xfs".
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. -Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system -that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
 false
@@ -23912,9 +17779,7 @@ sensitive information. If this is not provided, Login operation will fail. @@ -23926,8 +17791,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -23942,13 +17806,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -23957,13 +17815,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -23977,8 +17829,7 @@ relative and may not contain the '..' path or start with '..'.
 @@ -24012,22 +17863,14 @@ Maps a string key to a path within a volume. @@ -24056,45 +17899,35 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -24106,8 +17939,7 @@ Namespaces that do not pre-exist within StorageOS will be created.
-secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values -for mode bits. Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume -names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no -namespace is specified then the Pod's namespace will be used. This allows the -Kubernetes name scoping to be mirrored within StorageOS for tighter integration. -Set VolumeName to any name to override the default behaviour. -Set to "default" if you are not using namespaces within StorageOS. -Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -24122,9 +17954,7 @@ credentials. If not specified, default values will be attempted. @@ -24158,9 +17988,7 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -24208,16 +18036,14 @@ DcgmExporterStatus defines the observed state of DcgmExporter. @@ -24260,8 +18086,7 @@ Scale is the DcgmExporter's scale subresource status. @@ -24270,17 +18095,14 @@ AmazonCloudWatchAgent's deployment or statefulSet.
 @@ -24374,9 +18196,7 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -24390,10 +18210,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -24421,9 +18238,7 @@ Failure to set this value causes instrumentation injection to abort, leaving the @@ -24471,26 +18286,21 @@ ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. @@ -24518,8 +18328,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -24553,15 +18362,7 @@ EnvVar represents an environment variable present in a Container. @@ -24602,16 +18403,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -24652,9 +18451,7 @@ Selects a key of a ConfigMap. @@ -24673,8 +18470,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. -Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. -Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this -AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's -deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / -Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). -Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
 false
env []object - Env defines common env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines common env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
go object - Go defines configuration for Go auto-instrumentation. -When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the -Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. -Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
+ Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
 false
propagators []enum - Propagators defines inter-process context propagation configuration. -Values in this list will be set in the OTEL_PROPAGATORS env var. -Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
+ Propagators defines inter-process context propagation configuration. Values in this list will be set in the OTEL_PROPAGATORS env var. Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
 false
attrs []object - Attrs defines Apache HTTPD agent specific attributes. The precedence is: -`agent default attributes` > `instrument spec attributes` . -Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Apache HTTPD agent specific attributes. The precedence is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configPath string - Location of Apache HTTPD server configuration. -Needed only if different from default "/usr/local/apache2/conf"
+ Location of Apache HTTPD server configuration. Needed only if different from default "/usr/local/apache2/conf"
 false
env []object - Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -24708,8 +18504,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -24772,9 +18567,7 @@ Selects a key of a secret in the pod's namespace @@ -24815,15 +18608,7 @@ EnvVar represents an environment variable present in a Container. @@ -24864,16 +18649,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -24914,9 +18697,7 @@ Selects a key of a ConfigMap. @@ -24935,8 +18716,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -24970,8 +18750,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -25034,9 +18813,7 @@ Selects a key of a secret in the pod's namespace @@ -25070,33 +18847,23 @@ Resources describes the compute resource requirements. @@ -25123,9 +18890,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -25152,9 +18917,7 @@ DotNet defines configuration for DotNet auto-instrumentation. @@ -25175,8 +18938,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -25210,15 +18972,7 @@ EnvVar represents an environment variable present in a Container. @@ -25259,16 +19013,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -25309,9 +19061,7 @@ Selects a key of a ConfigMap. @@ -25330,8 +19080,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
env []object - Env defines DotNet specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines DotNet specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -25365,8 +19114,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -25429,9 +19177,7 @@ Selects a key of a secret in the pod's namespace @@ -25465,33 +19211,23 @@ Resources describes the compute resource requirements. @@ -25518,9 +19254,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -25554,15 +19288,7 @@ EnvVar represents an environment variable present in a Container. @@ -25603,16 +19329,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -25653,9 +19377,7 @@ Selects a key of a ConfigMap. @@ -25674,8 +19396,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -25709,8 +19430,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -25773,9 +19493,7 @@ Selects a key of a secret in the pod's namespace @@ -25821,10 +19539,7 @@ Exporter defines exporter configuration. -Go defines configuration for Go auto-instrumentation. -When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the -Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. -Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged. +Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -25839,9 +19554,7 @@ Failure to set this value causes instrumentation injection to abort, leaving the @@ -25862,8 +19575,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -25897,15 +19609,7 @@ EnvVar represents an environment variable present in a Container. @@ -25946,16 +19650,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -25996,9 +19698,7 @@ Selects a key of a ConfigMap. @@ -26017,8 +19717,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
env []object - Env defines Go specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines Go specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -26052,8 +19751,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -26116,9 +19814,7 @@ Selects a key of a secret in the pod's namespace @@ -26152,33 +19848,23 @@ Resources describes the compute resource requirements. @@ -26205,9 +19891,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -26234,9 +19918,7 @@ Java defines configuration for java auto-instrumentation. @@ -26257,8 +19939,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -26292,15 +19973,7 @@ EnvVar represents an environment variable present in a Container. @@ -26341,16 +20014,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -26391,9 +20062,7 @@ Selects a key of a ConfigMap. @@ -26412,8 +20081,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
env []object - Env defines java specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines java specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -26447,8 +20115,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -26511,9 +20178,7 @@ Selects a key of a secret in the pod's namespace @@ -26547,33 +20212,23 @@ Resources describes the compute resource requirements. @@ -26600,9 +20255,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -26629,26 +20282,21 @@ Nginx defines configuration for Nginx auto-instrumentation. @@ -26669,8 +20317,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -26704,15 +20351,7 @@ EnvVar represents an environment variable present in a Container. @@ -26753,16 +20392,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -26803,9 +20440,7 @@ Selects a key of a ConfigMap. @@ -26824,8 +20459,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
attrs []object - Attrs defines Nginx agent specific attributes. The precedence order is: -`agent default attributes` > `instrument spec attributes` . -Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Nginx agent specific attributes. The precedence order is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configFile string - Location of Nginx configuration file. -Needed only if different from default "/etx/nginx/nginx.conf"
+ Location of Nginx configuration file. Needed only if different from default "/etx/nginx/nginx.conf"
 false
env []object - Env defines Nginx specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines Nginx specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -26859,8 +20493,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -26923,9 +20556,7 @@ Selects a key of a secret in the pod's namespace @@ -26966,15 +20597,7 @@ EnvVar represents an environment variable present in a Container. @@ -27015,16 +20638,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -27065,9 +20686,7 @@ Selects a key of a ConfigMap. @@ -27086,8 +20705,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -27121,8 +20739,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -27185,9 +20802,7 @@ Selects a key of a secret in the pod's namespace @@ -27221,33 +20836,23 @@ Resources describes the compute resource requirements. @@ -27274,9 +20879,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -27303,9 +20906,7 @@ NodeJS defines configuration for nodejs auto-instrumentation. @@ -27326,8 +20927,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -27361,15 +20961,7 @@ EnvVar represents an environment variable present in a Container. @@ -27410,16 +21002,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -27460,9 +21050,7 @@ Selects a key of a ConfigMap. @@ -27481,8 +21069,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
env []object - Env defines nodejs specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines nodejs specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -27516,8 +21103,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -27580,9 +21166,7 @@ Selects a key of a secret in the pod's namespace @@ -27616,33 +21200,23 @@ Resources describes the compute resource requirements. @@ -27669,9 +21243,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -27698,9 +21270,7 @@ Python defines configuration for python auto-instrumentation. @@ -27721,8 +21291,7 @@ If the former var had been defined, then the other vars would be ignored.
 @@ -27756,15 +21325,7 @@ EnvVar represents an environment variable present in a Container. @@ -27805,16 +21366,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -27855,9 +21414,7 @@ Selects a key of a ConfigMap. @@ -27876,8 +21433,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
env []object - Env defines python specific env vars. There are four layers for env vars' definitions and -the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. -If the former var had been defined, then the other vars would be ignored.
+ Env defines python specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. -The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -27911,8 +21467,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -27975,9 +21530,7 @@ Selects a key of a secret in the pod's namespace @@ -28011,33 +21564,23 @@ Resources describes the compute resource requirements. @@ -28064,9 +21607,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -28100,8 +21641,7 @@ Resource defines the configuration for the resource attributes, as defined by th @@ -28128,19 +21668,14 @@ Sampler defines sampling configuration. @@ -28236,22 +21771,14 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. @@ -28272,17 +21799,14 @@ consumed in the config file for the Collector.
 @@ -28296,33 +21820,16 @@ used to open additional ports that can't be inferred by the operator, like for c - - - - - @@ -28404,26 +21911,14 @@ Describes node affinity scheduling rules for the pod. @@ -28435,8 +21930,7 @@ may or may not try to eventually evict the pod from its node.
-An empty preferred scheduling term matches all objects with implicit weight 0 -(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
resourceAttributes map[string]string - Attributes defines attributes that are added to the resource. -For example environment: dev
+ Attributes defines attributes that are added to the resource. For example environment: dev
 false
argument string - Argument defines sampler argument. -The value depends on the sampler type. -For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. -The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
+ Argument defines sampler argument. The value depends on the sampler type. For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
 false
type enum - Type defines sampler type. -The value will be set in the OTEL_TRACES_SAMPLER env var. -The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...
+ Type defines sampler type. The value will be set in the OTEL_TRACES_SAMPLER env var. The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...

Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray
command []string - Entrypoint array. Not executed within a shell. -The container image's ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be -consumed in the config file for the Collector.
+ ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule Neuron Monitor Exporter pods. -This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule Neuron Monitor Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator -will attempt to infer the required ports by parsing the .Spec.Config property but this property can be -used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
securityContext object - SecurityContext configures the container security context for -the amazon-cloudwatch-agent container. - - -In deployment, daemonset, or statefulset mode, this controls -the security context settings for the primary application -container. - - -In sidecar mode, this controls the security context for the -injected sidecar container.
+ SecurityContext configures the container security context for the amazon-cloudwatch-agent container. + In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. + In sidecar mode, this controls the security context for the injected sidecar container.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, -the operator will not automatically create a ServiceAccount for the collector.
- 		false
tolerations[]object - Toleration to schedule Neuron Monitor Exporter pods. -This is only relevant to daemonset, statefulset, and deployment mode
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node matches the corresponding matchExpressions; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
 false
@@ -28506,8 +22000,7 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -28529,19 +22022,14 @@ that relates the key and values. @@ -28553,8 +22041,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -28576,19 +22063,14 @@ that relates the key and values. @@ -28600,11 +22082,7 @@ This array is replaced during a strategic merge patch.
-If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -28631,9 +22109,7 @@ may or may not try to eventually evict the pod from its node. -A null or empty node selector term matches no objects. The requirements of -them are ANDed. -The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -28667,8 +22143,7 @@ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
@@ -28690,19 +22165,14 @@ that relates the key and values. @@ -28714,8 +22184,7 @@ This array is replaced during a strategic merge patch.
-A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
@@ -28737,19 +22206,14 @@ that relates the key and values. @@ -28776,28 +22240,14 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -28831,8 +22281,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -28861,70 +22310,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -28936,8 +22357,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -28959,9 +22379,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -28973,8 +22391,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -28996,18 +22413,14 @@ relates the key and values. @@ -29019,11 +22432,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29045,9 +22454,7 @@ An empty selector ({}) matches all namespaces. @@ -29059,8 +22466,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29082,18 +22488,14 @@ relates the key and values. @@ -29105,12 +22507,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29125,70 +22522,42 @@ a pod of the set of pods is running @@ -29200,8 +22569,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -29223,9 +22591,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -29237,8 +22603,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29260,18 +22625,14 @@ relates the key and values. @@ -29283,11 +22644,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29309,9 +22666,7 @@ An empty selector ({}) matches all namespaces. @@ -29323,8 +22678,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29346,18 +22700,14 @@ relates the key and values. @@ -29384,28 +22734,14 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -29439,8 +22775,7 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -29469,70 +22804,42 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -29544,8 +22851,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy -the anti-affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the anti-affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -29567,9 +22873,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -29581,8 +22885,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29604,18 +22907,14 @@ relates the key and values. @@ -29627,11 +22926,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29653,9 +22948,7 @@ An empty selector ({}) matches all namespaces. @@ -29667,8 +22960,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29690,18 +22982,14 @@ relates the key and values. @@ -29713,12 +23001,7 @@ merge patch.
-Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29733,70 +23016,42 @@ a pod of the set of pods is running @@ -29808,8 +23063,7 @@ null or empty namespaces list and null namespaceSelector means "this pod's names -A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. -If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -Also, MatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will -be taken into consideration. The keys are used to lookup values from the -incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` -to select the group of existing pods which pods will be taken into consideration -for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming -pod labels will be ignored. The default value is empty. -The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. -Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. -This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -29831,9 +23085,7 @@ If it's null, this PodAffinityTerm matches with no Pods. @@ -29845,8 +23097,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29868,18 +23119,14 @@ relates the key and values. @@ -29891,11 +23138,7 @@ merge patch.
-A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -29917,9 +23160,7 @@ An empty selector ({}) matches all namespaces. @@ -29931,8 +23172,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -29954,18 +23194,14 @@ relates the key and values. @@ -29999,15 +23235,7 @@ EnvVar represents an environment variable present in a Container. @@ -30048,16 +23276,14 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -30098,9 +23324,7 @@ Selects a key of a ConfigMap. @@ -30119,8 +23343,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -30154,8 +23377,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -30218,9 +23440,7 @@ Selects a key of a secret in the pod's namespace @@ -30263,50 +23483,24 @@ ServicePort contains information on service's port. @@ -30315,8 +23509,7 @@ More info: https://kubernetes.io/docs/concepts/services-networking/service/#type @@ -30325,14 +23518,7 @@ Default is TCP.
 @@ -30359,33 +23545,23 @@ Resources to set on the Neuron Monitor Exporter pods. @@ -30412,9 +23588,7 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -30426,17 +23600,9 @@ inside a container.
-SecurityContext configures the container security context for -the amazon-cloudwatch-agent container. - - -In deployment, daemonset, or statefulset mode, this controls -the security context settings for the primary application -container. - - -In sidecar mode, this controls the security context for the -injected sidecar container. +SecurityContext configures the container security context for the amazon-cloudwatch-agent container. + In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. + In sidecar mode, this controls the security context for the injected sidecar container.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. -This is used as a hint for implementations to offer richer behavior for protocols that they understand. -This field follows standard Kubernetes label syntax. -Valid values are either: - - -* Un-prefixed protocol names - reserved for IANA standard service names (as per -RFC-6335 and https://www.iana.org/assignments/service-names). - - -* Kubernetes-defined prefixed names: - * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- - * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - - -* Other protocols should use implementation-defined prefixed names such as -mycompany.com/my-custom-protocol.
+ The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: + * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). + * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. -All ports within a ServiceSpec must have unique names. When considering -the endpoints for a Service, this must match the 'name' field in the -EndpointPort. -Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is -NodePort or LoadBalancer. Usually assigned by the system. If a value is -specified, in-range, and not in use it will be used, otherwise the -operation will fail. If not specified, a port will be allocated if this -Service requires one. If this field is specified when creating a -Service which does not need it, creation will fail. This field will be -wiped when updating a Service to no longer need it (e.g. changing type -from NodePort to ClusterIP). -More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". -Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. -Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. -If this is a string, it will be looked up as a named port in the -target Pod's container ports. If this is not specified, the value -of the 'port' field is used (an identity map). -This field is ignored for services with clusterIP=None, and should be -omitted or set equal to the 'port' field. -More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
@@ -30451,63 +23617,42 @@ injected sidecar container. @@ -30516,23 +23661,14 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -30541,31 +23677,21 @@ Note that this field cannot be set when spec.os.name is windows.
 @@ -30577,9 +23703,7 @@ Note that this field cannot be set when spec.os.name is linux.
-The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 false
@@ -30613,11 +23737,7 @@ Note that this field cannot be set when spec.os.name is windows. -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
@@ -30665,10 +23785,7 @@ Note that this field cannot be set when spec.os.name is windows. -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
@@ -30683,23 +23800,15 @@ Note that this field cannot be set when spec.os.name is windows. @@ -30711,10 +23820,7 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
-The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. Valid options are: + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -30729,9 +23835,7 @@ Note that this field cannot be set when spec.os.name is linux. @@ -30745,87 +23849,14 @@ GMSA credential spec named by the GMSACredentialSpecName field.
 - - -
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
- 		false
- - -### NeuronMonitor.spec.tolerations[index] -[↩ Parent](#neuronmonitorspec) - - - -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -30852,8 +23883,7 @@ VolumeMount describes a mounting of a Volume within a container. @@ -30867,36 +23897,28 @@ not contain ':'.
@@ -30923,18 +23945,14 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -30962,8 +23980,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -30991,42 +24008,18 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
@@ -31040,8 +24033,7 @@ persistent volumes at the same time.
@@ -31055,67 +24047,49 @@ provisioned/attached using an exec based plugin.
@@ -31150,8 +24124,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -31165,8 +24138,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
@@ -31192,9 +24164,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
NameTypeDescriptionRequired
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
- 		false
keystring - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
- 		false
operatorstring - Operator represents a key's relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category.
- 		false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
- 		false
valuestring - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
mountPath string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Path within the container at which the volume should be mounted. Must not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container.
+ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -31209,29 +24179,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst @@ -31240,8 +24202,7 @@ Similarly, the volume partition for /dev/sda is "0" (or you can leave the proper @@ -31289,9 +24250,7 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -31305,8 +24264,7 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
@@ -31347,8 +24305,7 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -31375,8 +24332,7 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -31390,33 +24346,28 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
@@ -31428,8 +24379,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -31444,9 +24394,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -31458,8 +24406,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -31474,35 +24421,28 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -31514,8 +24454,7 @@ to OpenStack.
-secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
 false
@@ -31530,9 +24469,7 @@ to OpenStack. @@ -31559,13 +24496,7 @@ configMap represents a configMap that should populate this volume @@ -31574,22 +24505,14 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -31630,22 +24553,14 @@ Maps a string key to a path within a volume. @@ -31674,44 +24589,35 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -31723,11 +24629,7 @@ driver. Consult your driver's documentation for supported values.
-nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. -Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". -If not provided, the empty value is passed to the associated CSI driver -which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. -Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI -driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
 false
@@ -31742,9 +24644,7 @@ secret object contains more than one secret, all secret references are passed. @@ -31771,14 +24671,7 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -31828,12 +24721,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -31842,8 +24730,7 @@ mode, like fsGroup, and the result can be other mode bits set.
@@ -31889,8 +24776,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a -Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
 resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -31931,8 +24817,7 @@ Selects a resource of the container: only resources limits and requests -emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -31947,22 +24832,14 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -31974,34 +24851,11 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. -The default is "" which means to use the node's default medium. -Must be an empty string (default) or Memory. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. -The size limit is also applicable for memory medium. -The maximum usage on memory medium EmptyDir would be the minimum value between -the SizeLimit specified here and the sum of memory limits of all containers in a pod. -The default is nil which means that the limit is undefined. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -32016,30 +24870,10 @@ persistent volumes at the same time. @@ -32051,30 +24885,10 @@ Required, must not be nil.
-Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil.
 false
@@ -32089,19 +24903,14 @@ Required, must not be nil. @@ -32113,10 +24922,7 @@ validation.
-The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here. +The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation.
+ May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
 false
@@ -32131,62 +24937,28 @@ are also valid here. @@ -32200,34 +24972,21 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -32246,14 +25005,7 @@ Value of Filesystem is implied when not included in claim spec.
-dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. -If specified, the CSI driver will create or update the volume with the attributes defined -in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, -it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass -will be applied to the claim but it's not allowed to reset this field to empty string once it is set. -If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass -will be set by the persistentvolume controller if it exists. -If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be -set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource -exists. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 false
@@ -32282,9 +25034,7 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour @@ -32296,29 +25046,7 @@ For any other third-party types, APIGroup is required.
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
@@ -32347,18 +25075,14 @@ There are three important differences between dataSource and dataSourceRef: @@ -32370,11 +25094,7 @@ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGr -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -32389,18 +25109,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour @@ -32434,9 +25150,7 @@ selector is a label query over volumes to consider for binding. @@ -32448,8 +25162,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -32471,18 +25184,14 @@ relates the key and values. @@ -32494,9 +25203,7 @@ merge patch.
-May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation. +May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
@@ -32566,10 +25273,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -32585,8 +25289,7 @@ TODO: how do we prevent errors in the filesystem from compromising the machinereadOnly @@ -32600,8 +25303,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -32613,8 +25315,7 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu -flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
 false
boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) -Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -32636,9 +25337,7 @@ provisioned/attached using an exec based plugin. @@ -32652,19 +25351,14 @@ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.< @@ -32676,11 +25370,7 @@ scripts.
-secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts. +secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
 false
@@ -32695,9 +25385,7 @@ scripts. @@ -32724,8 +25412,7 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -32744,9 +25431,7 @@ should be considered as deprecated
-gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker -should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
 false
@@ -32761,30 +25446,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -32793,9 +25469,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -32807,10 +25481,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container. +gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -32832,10 +25503,7 @@ into the Pod's container. @@ -32854,8 +25522,7 @@ the subdirectory with the given name.
-glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. -Must not contain or start with '..'. If '.' is supplied, the volume directory will be the -git repository. Otherwise, if specified, the volume will contain the git repository in -the subdirectory with the given name.
+ directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
 false
@@ -32870,25 +25537,21 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -32900,14 +25563,7 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. -Defaults to false. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -32922,18 +25578,14 @@ mount host directories as read/write. @@ -32945,9 +25597,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. -If the path is a symlink, it will follow the link to the real path. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume -Defaults to "" -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -32978,8 +25628,7 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -33000,44 +25649,35 @@ is other than default (typically TCP ports 860 and 3260).
 @@ -33071,9 +25711,7 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -33085,8 +25723,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. -If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface -: will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. -Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -33101,25 +25738,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -33131,9 +25764,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -33148,16 +25779,14 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis @@ -33191,9 +25820,7 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -33227,17 +25854,14 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -33264,12 +25888,7 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -33305,22 +25924,10 @@ Projection that may be projected along with other supported volume types @@ -33360,22 +25967,10 @@ may change the order over time.
-ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. -Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
 false
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field -of ClusterTrustBundle objects in an auto-updating file. - - -Alpha, gated by the ClusterTrustBundleProjection feature gate. - - -ClusterTrustBundle objects can either be selected by name, or by the -combination of signer name and a label selector. - - -Kubelet performs aggressive normalization of the PEM contents written -into the pod filesystem. Esoteric PEM features such as inter-block -comments and block headers are stripped. Certificates are deduplicated. -The ordering of certificates within the file is arbitrary, and Kubelet -may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
 false
@@ -33397,38 +25992,28 @@ may change the order over time. @@ -33440,10 +26025,7 @@ ClusterTrustBundles will be unified and deduplicated.
-Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything". +Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has -effect if signerName is set. Mutually-exclusive with name. If unset, -interpreted as "match nothing". If set but empty, interpreted as "match -everything".
+ Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive -with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) -aren't available. If using name, then the named ClusterTrustBundle is -allowed not to exist. If using signerName, then the combination of -signerName and labelSelector is allowed to match zero -ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. -Mutually-exclusive with name. The contents of all selected -ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
 false
@@ -33465,9 +26047,7 @@ everything". @@ -33479,8 +26059,7 @@ operator is "In", and the values array contains only "value". The requirements a -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -33502,18 +26081,14 @@ relates the key and values. @@ -33540,22 +26115,14 @@ configMap information about the configMap data to project @@ -33596,22 +26163,14 @@ Maps a string key to a path within a volume. @@ -33681,12 +26240,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -33695,8 +26249,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -33742,8 +26295,7 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -33799,22 +26351,14 @@ secret information about the secret data to project @@ -33855,22 +26399,14 @@ Maps a string key to a path within a volume. @@ -33899,30 +26435,21 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -33951,9 +26478,7 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -33967,32 +26492,28 @@ which acts as the central registry for volumes
 @@ -34004,8 +26525,7 @@ Defaults to serivceaccount user
-rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the -token into.
+ path is the path relative to the mount point of the file to project the token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token -must identify itself with an identifier specified in the audience of the -token, and otherwise should reject the token. The audience defaults to the -identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service -account token. As the token approaches expiration, the kubelet volume -plugin will proactively rotate the service account token. The kubelet will -start trying to rotate the token if the token is older than 80 percent of -its time to live or if the token is older than 24 hours.Defaults to 1 hour -and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services -specified as a string as host:port pair (multiple entries are separated with commas) -which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
 true
group string - group to map volume access to -Default is no group
+ group to map volume access to Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. -Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend -Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to -Defaults to serivceaccount user
+ user to map volume access to Defaults to serivceaccount user
 false
@@ -34020,73 +26540,56 @@ More info: https://examples.k8s.io/volumes/rbd/README.md @@ -34098,10 +26601,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. -Default is /etc/ceph/keyring. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. -Default is rbd. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. -Default is admin. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -34116,9 +26616,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -34152,8 +26650,7 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -34167,10 +26664,7 @@ sensitive information. If this is not provided, Login operation will fail.
 @@ -34184,8 +26678,7 @@ Default is "xfs".
 @@ -34199,8 +26692,7 @@ the ReadOnly setting in VolumeMounts.
 @@ -34214,8 +26706,7 @@ Default is ThinProvisioned.
 @@ -34227,8 +26718,7 @@ that is associated with this volume source.
-secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". -Default is "xfs".
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. -Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system -that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
 false
@@ -34243,9 +26733,7 @@ sensitive information. If this is not provided, Login operation will fail. @@ -34257,8 +26745,7 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -34273,13 +26760,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -34288,13 +26769,7 @@ mode, like fsGroup, and the result can be other mode bits set.
 @@ -34308,8 +26783,7 @@ relative and may not contain the '..' path or start with '..'.
 @@ -34343,22 +26817,14 @@ Maps a string key to a path within a volume. @@ -34387,45 +26853,35 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -34437,8 +26893,7 @@ Namespaces that do not pre-exist within StorageOS will be created.
-secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values -for mode bits. Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume -names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no -namespace is specified then the Pod's namespace will be used. This allows the -Kubernetes name scoping to be mirrored within StorageOS for tighter integration. -Set VolumeName to any name to override the default behaviour. -Set to "default" if you are not using namespaces within StorageOS. -Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -34453,9 +26908,7 @@ credentials. If not specified, default values will be attempted. @@ -34489,9 +26942,7 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -34539,16 +26990,14 @@ NeuronMonitorStatus defines the observed state of NeuronMonitor. @@ -34591,8 +27040,7 @@ Scale is the NeuronMonitor's scale subresource status. @@ -34601,17 +27049,14 @@ AmazonCloudWatchAgent's deployment or statefulSet.
 From ec14fe5070dcbca409f7dd4756c8c9bf0c18da99 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:21:37 -0400 Subject: [PATCH 13/99] Revert "Updated webhooks." This reverts commit 15a2e2b4de2cd90b5cc37cca0ec13a993157c0b2. --- apis/v1alpha1/collector_webhook.go | 26 ---------------------- apis/v1alpha1/collector_webhook_test.go | 29 ------------------------- 2 files changed, 55 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 0a1922727..3ce5de731 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,8 +6,6 @@ package v1alpha1 import ( "context" "fmt" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" "github.com/go-logr/logr" autoscalingv2 "k8s.io/api/autoscaling/v2" @@ -89,9 +87,6 @@ func (c CollectorWebhook) defaulter(r *AmazonCloudWatchAgent) error { if r.Spec.Replicas == nil { r.Spec.Replicas = &one } - if r.Spec.TargetAllocator.Enabled && r.Spec.TargetAllocator.Replicas == nil { - r.Spec.TargetAllocator.Replicas = &one - } if r.Spec.MaxReplicas != nil || (r.Spec.Autoscaler != nil && r.Spec.Autoscaler.MaxReplicas != nil) { if r.Spec.Autoscaler == nil { @@ -168,27 +163,6 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'AdditionalContainers'", r.Spec.Mode) } - // validate target allocation - if r.Spec.TargetAllocator.Enabled && r.Spec.Mode != ModeStatefulSet { - return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the target allocation deployment", r.Spec.Mode) - } - - // validate Prometheus config for target allocation - if r.Spec.TargetAllocator.Enabled { - promCfg, err := ta.ConfigToPromConfig(r.Spec.Config) - if err != nil { - return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) - } - err = ta.ValidatePromConfig(promCfg, r.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) - if err != nil { - return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) - } - err = ta.ValidateTargetAllocatorConfig(r.Spec.TargetAllocator.PrometheusCR.Enabled, promCfg) - if err != nil { - return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) - } - } - // validator port config for _, p := range r.Spec.Ports { nameErrs := validation.IsValidPortName(p.Name) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index 5e24240cc..55dc99932 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -273,7 +273,6 @@ func TestOTELColDefaultingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), - config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() @@ -314,9 +313,6 @@ func TestOTELColValidatingWebhook(t *testing.T) { Replicas: &three, MaxReplicas: &five, UpgradeStrategy: "adhoc", - TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - }, Config: `receivers: examplereceiver: endpoint: "0.0.0.0:12345" @@ -377,30 +373,6 @@ func TestOTELColValidatingWebhook(t *testing.T) { }, expectedErr: "does not support the attribute 'tolerations'", }, - { - name: "invalid mode with target allocator", - otelcol: AmazonCloudWatchAgent{ - Spec: AmazonCloudWatchAgentSpec{ - Mode: ModeDeployment, - TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - }, - }, - }, - expectedErr: "does not support the target allocation deployment", - }, - { - name: "invalid target allocator config", - otelcol: AmazonCloudWatchAgent{ - Spec: AmazonCloudWatchAgentSpec{ - Mode: ModeStatefulSet, - TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - }, - }, - }, - expectedErr: "the OpenTelemetry Spec Prometheus configuration is incorrect", - }, { name: "invalid port name", otelcol: AmazonCloudWatchAgent{ @@ -783,7 +755,6 @@ func TestOTELColValidatingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), - config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() From d324ccfba31a0bbf52be7e7679e9a870e1d0a438 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:23:42 -0400 Subject: [PATCH 14/99] Replica if enabled. --- apis/v1alpha1/collector_webhook.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 3ce5de731..669efad96 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -87,6 +87,9 @@ func (c CollectorWebhook) defaulter(r *AmazonCloudWatchAgent) error { if r.Spec.Replicas == nil { r.Spec.Replicas = &one } + if r.Spec.TargetAllocator.Enabled && r.Spec.TargetAllocator.Replicas == nil { + r.Spec.TargetAllocator.Replicas = &one + } if r.Spec.MaxReplicas != nil || (r.Spec.Autoscaler != nil && r.Spec.Autoscaler.MaxReplicas != nil) { if r.Spec.Autoscaler == nil { From 2979609e5b8a2f3ecc227d91f9dc89c0797fab6a Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:25:04 -0400 Subject: [PATCH 15/99] Auto-generated. --- apis/v1alpha1/zz_generated.deepcopy.go | 4 +- apis/v1alpha2/zz_generated.deepcopy.go | 5 +- docs/api.md | 11087 +++++++++++++++++++---- 3 files changed, 9326 insertions(+), 1770 deletions(-) diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index e5f418b27..c43116dd8 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - "k8s.io/api/autoscaling/v2" + v2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - "k8s.io/api/networking/v1" + v1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index e840621e9..2833a1325 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,9 +7,10 @@ package v1alpha2 import ( - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/docs/api.md b/docs/api.md index 0402e3a10..2756500c8 100644 --- a/docs/api.md +++ b/docs/api.md @@ -93,9 +93,20 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -116,7 +127,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -130,21 +142,25 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -172,14 +188,20 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -193,14 +215,16 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -219,7 +244,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -237,7 +263,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -251,36 +278,46 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -303,16 +340,32 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. + + + + + @@ -328,21 +381,28 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -379,7 +439,9 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. @@ -406,77 +468,119 @@ A single application container that you want to run within a pod. @@ -490,63 +594,108 @@ A single application container that you want to run within a pod. @@ -560,14 +709,18 @@ A single application container that you want to run within a pod. @@ -601,7 +754,15 @@ EnvVar represents an environment variable present in a Container. @@ -642,14 +803,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -690,7 +853,9 @@ Selects a key of a ConfigMap. @@ -709,7 +874,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. -Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. -Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this -AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's -deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / -Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). -Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
 false
additionalContainers []object - AdditionalContainers allows injecting additional containers into the Collector's pod definition. These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping metrics to their cloud, or in general sidecars that do not support automatic injection. This option only applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar deployment mode. More info about sidecars: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - Container names managed by the operator: * `otc-container` - Overriding containers managed by the operator is outside the scope of what the maintainers will support and by doing so, you wil accept the risk of it breaking things.
+ AdditionalContainers allows injecting additional containers into the Collector's pod definition. +These sidecar containers can be used for authentication proxies, log shipping sidecars, agents for shipping +metrics to their cloud, or in general sidecars that do not support automatic injection. This option only +applies to Deployment, DaemonSet, and StatefulSet deployment modes of the collector. It does not apply to the sidecar +deployment mode. More info about sidecars: +https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + + +Container names managed by the operator: +* `otc-container` + + +Overriding containers managed by the operator is outside the scope of what the maintainers will support and by +doing so, you wil accept the risk of it breaking things.
 false
autoscaler object - Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload.
+ Autoscaler specifies the pod autoscaling configuration to use +for the AmazonCloudWatchAgent workload.
 false
configmaps []object - ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent object, which shall be mounted into the Collector Pods. Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
+ ConfigMaps is a list of ConfigMaps in the same namespace as the AmazonCloudWatchAgent +object, which shall be mounted into the Collector Pods. +Each ConfigMap will be added to the Collector's Deployments as a volume named `configmap-`.
 false
env []object - ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the OpenTelemetry Collector's Pods. These can then in certain cases be +consumed in the config file for the Collector.
 false
envFrom []object - List of sources to populate environment variables on the OpenTelemetry Collector's Pods. These can then in certain cases be consumed in the config file for the Collector.
+ List of sources to populate environment variables on the OpenTelemetry Collector's Pods. +These can then in certain cases be consumed in the config file for the Collector.
 false
ingress object - Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset.
+ Ingress is used to specify how OpenTelemetry Collector is exposed. This +functionality is only available if one of the valid modes is set. +Valid modes are: deployment, daemonset and statefulset.
 false
initContainers []object - InitContainers allows injecting initContainers to the Collector's pod definition. These init containers can be used to fetch secrets for injection into the configuration from external sources, run added checks, etc. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ InitContainers allows injecting initContainers to the Collector's pod definition. +These init containers can be used to fetch secrets for injection into the +configuration from external sources, run added checks, etc. Any errors during the execution of +an initContainer will lead to a restart of the Pod. More info: +https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 false
livenessProbe object - Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
+ Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. +It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
 false
managementState enum - ManagementState defines if the CR should be managed by the operator or not. Default is managed.
+ ManagementState defines if the CR should be managed by the operator or not. +Default is managed.

Enum: managed, unmanaged
Default: managed
@@ -210,7 +234,8 @@ AmazonCloudWatchAgentSpec defines the desired state of AmazonCloudWatchAgent. 		maxReplicas integer - MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.
+ MaxReplicas sets an upper bound to the autoscaling feature. If MaxReplicas is set autoscaling is enabled. +Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MaxReplicas" instead.

Format: int32
minReplicas integer - MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.
+ MinReplicas sets a lower bound to the autoscaling feature. Set this if you are using autoscaling. It must be at least 1 +Deprecated: use "AmazonCloudWatchAgent.Spec.Autoscaler.MinReplicas" instead.

Format: int32
nodeSelector map[string]string - NodeSelector to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule OpenTelemetry Collector pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
podAnnotations map[string]string - PodAnnotations is the set of annotations that will be attached to Collector and Target Allocator pods.
+ PodAnnotations is the set of annotations that will be attached to +Collector and Target Allocator pods.
 false
podDisruptionBudget object - PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload.
+ PodDisruptionBudget specifies the pod disruption budget configuration to use +for the AmazonCloudWatchAgent workload.
 false
podSecurityContext object - PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
+ PodSecurityContext configures the pod security context for the +amazon-cloudwatch-agent pod, when running as a deployment, daemonset, +or statefulset. + + +In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
priorityClassName string - If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
+ If specified, indicates the pod's priority. +If not specified, the pod priority will be default or zero if there is no +default.
 false
securityContext object - SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
+ SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
+ 		false
targetAllocatorobject + TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not.
 false
tolerations []object - Toleration to schedule OpenTelemetry Collector pods. This is only relevant to daemonset, statefulset, and deployment mode
+ Toleration to schedule OpenTelemetry Collector pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
topologySpreadConstraints []object - TopologySpreadConstraints embedded kubernetes pod configuration option, controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ This is only relevant to statefulset, and deployment mode
+ TopologySpreadConstraints embedded kubernetes pod configuration option, +controls how pods are spread across your cluster among failure-domains +such as regions, zones, nodes, and other user-defined topology domains +https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +This is only relevant to statefulset, and deployment mode
 false
updateStrategy object - UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode.
+ UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods +https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec +This is only applicable to Daemonset mode.
 false
workingDir string - WorkingDir represents Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ WorkingDir represents Container's working directory. If not specified, +the container runtime's default will be used, which might +be configured in the container image. Cannot be updated.
 false
name string - Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
 true
args []string - Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - List of environment variables to set in the container. Cannot be updated.
+ List of environment variables to set in the container. +Cannot be updated.
 false
envFrom []object - List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
 false
image string - Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+ Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
 false
imagePullPolicy string - Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
 false
lifecycle object - Actions that the management system should take in response to container lifecycle events. Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
 false
livenessProbe object - Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
ports []object - List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
 false
readinessProbe object - Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
resources object - Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
 false
securityContext object - SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 false
startupProbe object - StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
 false
stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
 false
terminationMessagePath string - Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+ Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
 false
terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
 false
tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
 false
volumeMounts []object - Pod volumes to mount into the container's filesystem. Cannot be updated.
+ Pod volumes to mount into the container's filesystem. +Cannot be updated.
 false
workingDir string - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -743,7 +909,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -806,7 +973,9 @@ Selects a key of a secret in the pod's namespace @@ -881,7 +1050,9 @@ The ConfigMap to select from @@ -915,7 +1086,9 @@ The Secret to select from @@ -934,7 +1107,8 @@ The Secret to select from -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -949,14 +1123,25 @@ Actions that the management system should take in response to container lifecycl @@ -968,7 +1153,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -1004,7 +1192,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -1031,7 +1221,11 @@ Exec specifies the action to take. @@ -1058,14 +1252,17 @@ HTTPGet specifies the http request to perform. @@ -1086,7 +1283,8 @@ HTTPGet specifies the http request to perform. @@ -1113,7 +1311,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1161,7 +1360,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1176,7 +1377,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -1195,7 +1398,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -1231,7 +1442,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -1258,7 +1471,11 @@ Exec specifies the action to take. @@ -1285,14 +1502,17 @@ HTTPGet specifies the http request to perform. @@ -1313,7 +1533,8 @@ HTTPGet specifies the http request to perform. @@ -1340,7 +1561,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1388,7 +1610,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -1403,7 +1627,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -1422,7 +1648,10 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -1444,7 +1673,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1467,7 +1697,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1476,7 +1707,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1485,7 +1717,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1501,7 +1734,16 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1510,7 +1752,9 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -1539,7 +1783,11 @@ Exec specifies the action to take. @@ -1575,8 +1823,11 @@ GRPC specifies an action involving a GRPC port. @@ -1603,14 +1854,17 @@ HTTPGet specifies the http request to perform. @@ -1631,7 +1885,8 @@ HTTPGet specifies the http request to perform. @@ -1658,7 +1913,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -1692,7 +1948,9 @@ TCPSocket specifies an action involving a TCP port. @@ -1726,7 +1984,8 @@ ContainerPort represents a network port in a single container. @@ -1742,7 +2001,10 @@ ContainerPort represents a network port in a single container. @@ -1751,14 +2013,17 @@ ContainerPort represents a network port in a single container. @@ -1772,7 +2037,10 @@ ContainerPort represents a network port in a single container. -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+ Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".

Default: TCP
@@ -1794,7 +2062,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1817,7 +2086,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1826,7 +2096,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1835,7 +2106,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1851,7 +2123,16 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1860,7 +2141,9 @@ Periodic probe of container service readiness. Container will be removed from se @@ -1889,7 +2172,11 @@ Exec specifies the action to take. @@ -1925,8 +2212,11 @@ GRPC specifies an action involving a GRPC port. @@ -1953,14 +2243,17 @@ HTTPGet specifies the http request to perform. @@ -1981,7 +2274,8 @@ HTTPGet specifies the http request to perform. @@ -2008,7 +2302,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -2042,7 +2337,9 @@ TCPSocket specifies an action involving a TCP port. @@ -2076,14 +2373,16 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -2095,7 +2394,9 @@ ContainerResizePolicy represents resource resize policy for the container. -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
 true
@@ -2110,23 +2411,33 @@ Compute Resources required by this container. Cannot be updated. More info: http @@ -2153,7 +2464,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2165,7 +2478,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -2180,42 +2495,63 @@ SecurityContext defines the security options the container should be run with. I @@ -2224,14 +2560,23 @@ SecurityContext defines the security options the container should be run with. I @@ -2240,21 +2585,31 @@ SecurityContext defines the security options the container should be run with. I @@ -2266,7 +2621,9 @@ SecurityContext defines the security options the container should be run with. I -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -2300,7 +2657,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -2348,7 +2709,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -2363,15 +2727,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -2383,7 +2755,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -2398,7 +2773,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -2412,14 +2789,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -2431,7 +2814,13 @@ The Windows specific settings applied to all containers. If unspecified, the opt -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
@@ -2453,7 +2842,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2476,7 +2866,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2485,7 +2876,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2494,7 +2886,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2510,7 +2903,16 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2519,7 +2921,9 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -2548,7 +2952,11 @@ Exec specifies the action to take. @@ -2584,8 +2992,11 @@ GRPC specifies an action involving a GRPC port. @@ -2612,14 +3023,17 @@ HTTPGet specifies the http request to perform. @@ -2640,7 +3054,8 @@ HTTPGet specifies the http request to perform. @@ -2667,7 +3082,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -2701,7 +3117,9 @@ TCPSocket specifies an action involving a TCP port. @@ -2769,7 +3187,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -2783,28 +3202,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -2872,14 +3299,26 @@ Describes node affinity scheduling rules for the pod. @@ -2891,7 +3330,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -2961,7 +3401,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -2983,14 +3424,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3002,7 +3448,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3024,14 +3471,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3043,7 +3495,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3070,7 +3526,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -3104,7 +3562,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -3126,14 +3585,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3145,7 +3609,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -3167,14 +3632,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -3201,14 +3671,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -3242,7 +3726,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -3271,42 +3756,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -3318,7 +3831,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3340,7 +3854,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3352,7 +3868,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3374,14 +3891,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3393,7 +3914,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3415,7 +3940,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3427,7 +3954,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3449,14 +3977,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3468,7 +4000,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3483,42 +4020,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -3530,7 +4095,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3552,7 +4118,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3564,7 +4132,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3586,14 +4155,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3605,7 +4178,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3627,7 +4204,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3639,7 +4218,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3661,14 +4241,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3695,14 +4279,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -3736,7 +4334,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -3765,42 +4364,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -3812,7 +4439,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -3834,7 +4462,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -3846,7 +4476,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3868,14 +4499,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3887,7 +4522,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3909,7 +4548,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -3921,7 +4562,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -3943,14 +4585,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -3962,7 +4608,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -3977,42 +4628,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -4024,7 +4703,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -4046,7 +4726,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -4058,7 +4740,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4080,14 +4763,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4099,7 +4786,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -4121,7 +4812,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -4133,7 +4826,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4155,14 +4849,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4174,7 +4872,8 @@ A label selector requirement is a selector that contains values, a key, and an o -Autoscaler specifies the pod autoscaling configuration to use for the AmazonCloudWatchAgent workload. +Autoscaler specifies the pod autoscaling configuration to use +for the AmazonCloudWatchAgent workload.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -4189,7 +4888,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4205,7 +4905,9 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4221,7 +4923,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou @@ -4244,7 +4947,8 @@ Autoscaler specifies the pod autoscaling configuration to use for the AmazonClou -HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). +HorizontalPodAutoscalerBehavior configures the scaling behavior of the target +in both Up and Down directions (scaleUp and scaleDown fields respectively).
behavior object - HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
+ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target +in both Up and Down directions (scaleUp and scaleDown fields respectively).
 false
metrics []object - Metrics is meant to provide a customizable way to configure HPA metrics. currently the only supported custom metrics is type=Pod. Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
+ Metrics is meant to provide a customizable way to configure HPA metrics. +currently the only supported custom metrics is type=Pod. +Use TargetCPUUtilization or TargetMemoryUtilization instead if scaling on these common resource metrics.
 false
targetCPUUtilization integer - TargetCPUUtilization sets the target average CPU used across all replicas. If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.
+ TargetCPUUtilization sets the target average CPU used across all replicas. +If average CPU exceeds this value, the HPA will scale up. Defaults to 90 percent.

Format: int32
@@ -4259,14 +4963,21 @@ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in @@ -4278,7 +4989,10 @@ HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in -scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used). +scaleDown is scaling policy for scaling Down. +If not set, the default value is to allow to scale down to minReplicas pods, with a +300 second stabilization window (i.e., the highest recommendation for +the last 300sec is used).
scaleDown object - scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used).
+ scaleDown is scaling policy for scaling Down. +If not set, the default value is to allow to scale down to minReplicas pods, with a +300 second stabilization window (i.e., the highest recommendation for +the last 300sec is used).
 false
scaleUp object - scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used.
+ scaleUp is scaling policy for scaling Up. +If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds +No stabilization is used.
 false
@@ -4293,21 +5007,28 @@ scaleDown is scaling policy for scaling Down. If not set, the default value is t @@ -4336,7 +5057,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4352,7 +5074,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4366,7 +5089,11 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in -scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used. +scaleUp is scaling policy for scaling Up. +If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds +No stabilization is used.
policies []object - policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. +At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. +If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be +considered while scaling up or scaling down. +StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). +If not set, use the default values: +- For scale up: 0 (i.e. no stabilization is done). +- For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. +PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. It must be greater than zero
+ value contains the amount of change which is permitted by the policy. +It must be greater than zero

Format: int32
@@ -4381,21 +5108,28 @@ scaleUp is scaling policy for scaling Up. If not set, the default value is the h @@ -4424,7 +5158,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4440,7 +5175,8 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in @@ -4454,7 +5190,9 @@ HPAScalingPolicy is a single policy which must hold true for a specified past in -MetricSpec defines a subset of metrics to be defined for the HPA's metric array more metric type can be supported as needed. See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference. +MetricSpec defines a subset of metrics to be defined for the HPA's metric array +more metric type can be supported as needed. +See https://pkg.go.dev/k8s.io/api/autoscaling/v2#MetricSpec for reference.
policies []object - policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ policies is a list of potential scaling polices which can be used during scaling. +At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 false
selectPolicy string - selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+ selectPolicy is used to specify which policy should be used. +If not set, the default value Max is used.
 false
stabilizationWindowSeconds integer - stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+ stabilizationWindowSeconds is the number of seconds for which past recommendations should be +considered while scaling up or scaling down. +StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). +If not set, use the default values: +- For scale up: 0 (i.e. no stabilization is done). +- For scale down: 300 (i.e. the stabilization window is 300 seconds long).

Format: int32
periodSeconds integer - periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+ periodSeconds specifies the window of time for which the policy should hold true. +PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).

Format: int32
value integer - value contains the amount of change which is permitted by the policy. It must be greater than zero
+ value contains the amount of change which is permitted by the policy. +It must be greater than zero

Format: int32
@@ -4476,7 +5214,10 @@ MetricSpec defines a subset of metrics to be defined for the HPA's metric array @@ -4488,7 +5229,10 @@ MetricSpec defines a subset of metrics to be defined for the HPA's metric array -PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value. +PodsMetricSource indicates how to scale on a metric describing each pod in +the current scale target (for example, transactions-processed-per-second). +The values will be averaged together before being compared to the target +value.
pods object - PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+ PodsMetricSource indicates how to scale on a metric describing each pod in +the current scale target (for example, transactions-processed-per-second). +The values will be averaged together before being compared to the target +value.
 false
@@ -4544,7 +5288,9 @@ metric identifies the target metric by name and selector @@ -4556,7 +5302,9 @@ metric identifies the target metric by name and selector -selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics. +selector is the string-encoded form of a standard kubernetes label selector for the given metric +When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. +When unset, just the metricName will be used to gather metrics.
selector object - selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+ selector is the string-encoded form of a standard kubernetes label selector for the given metric +When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. +When unset, just the metricName will be used to gather metrics.
 false
@@ -4578,7 +5326,9 @@ selector is the string-encoded form of a standard kubernetes label selector for @@ -4590,7 +5340,8 @@ selector is the string-encoded form of a standard kubernetes label selector for -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -4612,14 +5363,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -4653,7 +5408,10 @@ target specifies the target value for the given metric @@ -4662,7 +5420,8 @@ target specifies the target value for the given metric @@ -4737,7 +5496,15 @@ EnvVar represents an environment variable present in a Container. @@ -4778,14 +5545,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -4826,7 +5595,9 @@ Selects a key of a ConfigMap. @@ -4845,7 +5616,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
averageUtilization integer - averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+ averageUtilization is the target value of the average of the +resource metric across all relevant pods, represented as a percentage of +the requested value of the resource for the pods. +Currently only valid for Resource metric source type

Format: int32
averageValue int or string - averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+ averageValue is the target value of the average of the +metric across all relevant pods (as a quantity)
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -4879,7 +5651,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -4942,7 +5715,9 @@ Selects a key of a secret in the pod's namespace @@ -5017,7 +5792,9 @@ The ConfigMap to select from @@ -5051,7 +5828,9 @@ The Secret to select from @@ -5070,7 +5849,9 @@ The Secret to select from -Ingress is used to specify how OpenTelemetry Collector is exposed. This functionality is only available if one of the valid modes is set. Valid modes are: deployment, daemonset and statefulset. +Ingress is used to specify how OpenTelemetry Collector is exposed. This +functionality is only available if one of the valid modes is set. +Valid modes are: deployment, daemonset and statefulset.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5085,7 +5866,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5099,21 +5881,27 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5129,7 +5917,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function @@ -5143,7 +5932,8 @@ Ingress is used to specify how OpenTelemetry Collector is exposed. This function -Route is an OpenShift specific section that is only considered when type "route" is used. +Route is an OpenShift specific section that is only considered when +type "route" is used.
annotations map[string]string - Annotations to add to ingress. e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
+ Annotations to add to ingress. +e.g. 'cert-manager.io/cluster-issuer: "letsencrypt"'
 false
ingressClassName string - IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource.
+ IngressClassName is the name of an IngressClass cluster resource. Ingress +controller implementations use this field to know whether they should be +serving this Ingress resource.
 false
route object - Route is an OpenShift specific section that is only considered when type "route" is used.
+ Route is an OpenShift specific section that is only considered when +type "route" is used.
 false
ruleType enum - RuleType defines how Ingress exposes collector receivers. IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. Default is IngressRuleTypePath ("path").
+ RuleType defines how Ingress exposes collector receivers. +IngressRuleTypePath ("path") exposes each receiver port on a unique path on single domain defined in Hostname. +IngressRuleTypeSubdomain ("subdomain") exposes each receiver port on a unique subdomain of Hostname. +Default is IngressRuleTypePath ("path").

Enum: path, subdomain
type enum - Type default value is: "" Supported types are: ingress, route
+ Type default value is: "" +Supported types are: ingress, route

Enum: ingress, route
@@ -5187,14 +5977,21 @@ IngressTLS describes the transport layer security associated with an ingress. @@ -5221,77 +6018,119 @@ A single application container that you want to run within a pod. @@ -5305,63 +6144,108 @@ A single application container that you want to run within a pod. @@ -5375,14 +6259,18 @@ A single application container that you want to run within a pod. @@ -5416,7 +6304,15 @@ EnvVar represents an environment variable present in a Container. @@ -5457,14 +6353,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -5505,7 +6403,9 @@ Selects a key of a ConfigMap. @@ -5524,7 +6424,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
hosts []string - hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+ hosts is a list of hosts included in the TLS certificate. The values in +this list must match the name/s used in the tlsSecret. Defaults to the +wildcard host setting for the loadbalancer controller fulfilling this +Ingress, if left unspecified.
 false
secretName string - secretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the "Host" header is used for routing.
+ secretName is the name of the secret used to terminate TLS traffic on +port 443. Field is left optional to allow TLS routing based on SNI +hostname alone. If the SNI host in a listener conflicts with the "Host" +header field used by an IngressRule, the SNI host is used for termination +and value of the "Host" header is used for routing.
 false
name string - Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+ Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
 true
args []string - Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - List of environment variables to set in the container. Cannot be updated.
+ List of environment variables to set in the container. +Cannot be updated.
 false
envFrom []object - List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+ List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
 false
image string - Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+ Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
 false
imagePullPolicy string - Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
 false
lifecycle object - Actions that the management system should take in response to container lifecycle events. Cannot be updated.
+ Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
 false
livenessProbe object - Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
ports []object - List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+ List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
 false
readinessProbe object - Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
resources object - Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
restartPolicy string - RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+ RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
 false
securityContext object - SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 false
startupProbe object - StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 false
stdin boolean - Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+ Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
 false
stdinOnce boolean - Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+ Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
 false
terminationMessagePath string - Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+ Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
 false
terminationMessagePolicy string - Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+ Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
 false
tty boolean - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
 false
volumeMounts []object - Pod volumes to mount into the container's filesystem. Cannot be updated.
+ Pod volumes to mount into the container's filesystem. +Cannot be updated.
 false
workingDir string - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+ Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5558,7 +6459,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -5621,7 +6523,9 @@ Selects a key of a secret in the pod's namespace @@ -5696,7 +6600,9 @@ The ConfigMap to select from @@ -5730,7 +6636,9 @@ The Secret to select from @@ -5749,7 +6657,8 @@ The Secret to select from -Actions that the management system should take in response to container lifecycle events. Cannot be updated. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -5764,14 +6673,25 @@ Actions that the management system should take in response to container lifecycl @@ -5783,7 +6703,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -5819,7 +6742,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -5846,7 +6771,11 @@ Exec specifies the action to take. @@ -5873,14 +6802,17 @@ HTTPGet specifies the http request to perform. @@ -5901,7 +6833,8 @@ HTTPGet specifies the http request to perform. @@ -5928,7 +6861,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -5976,7 +6910,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -5991,7 +6927,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -6010,7 +6948,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -6046,7 +6992,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -6073,7 +7021,11 @@ Exec specifies the action to take. @@ -6100,14 +7052,17 @@ HTTPGet specifies the http request to perform. @@ -6128,7 +7083,8 @@ HTTPGet specifies the http request to perform. @@ -6155,7 +7111,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6203,7 +7160,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -6218,7 +7177,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -6237,7 +7198,10 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -6259,7 +7223,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6282,7 +7247,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6291,7 +7257,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6300,7 +7267,8 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6316,7 +7284,16 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6325,7 +7302,9 @@ Periodic probe of container liveness. Container will be restarted if the probe f @@ -6354,7 +7333,11 @@ Exec specifies the action to take. @@ -6390,8 +7373,11 @@ GRPC specifies an action involving a GRPC port. @@ -6418,14 +7404,17 @@ HTTPGet specifies the http request to perform. @@ -6446,7 +7435,8 @@ HTTPGet specifies the http request to perform. @@ -6473,7 +7463,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6507,7 +7498,9 @@ TCPSocket specifies an action involving a TCP port. @@ -6541,7 +7534,8 @@ ContainerPort represents a network port in a single container. @@ -6557,7 +7551,10 @@ ContainerPort represents a network port in a single container. @@ -6566,14 +7563,17 @@ ContainerPort represents a network port in a single container. @@ -6587,7 +7587,10 @@ ContainerPort represents a network port in a single container. -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
containerPort integer - Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+ Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.

Format: int32
hostPort integer - Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+ Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.

Format: int32
name string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
 false
protocol string - Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+ Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".

Default: TCP
@@ -6609,7 +7612,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6632,7 +7636,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6641,7 +7646,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6650,7 +7656,8 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6666,7 +7673,16 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6675,7 +7691,9 @@ Periodic probe of container service readiness. Container will be removed from se @@ -6704,7 +7722,11 @@ Exec specifies the action to take. @@ -6740,8 +7762,11 @@ GRPC specifies an action involving a GRPC port. @@ -6768,14 +7793,17 @@ HTTPGet specifies the http request to perform. @@ -6796,7 +7824,8 @@ HTTPGet specifies the http request to perform. @@ -6823,7 +7852,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -6857,7 +7887,9 @@ TCPSocket specifies an action involving a TCP port. @@ -6891,14 +7923,16 @@ ContainerResizePolicy represents resource resize policy for the container. @@ -6910,7 +7944,9 @@ ContainerResizePolicy represents resource resize policy for the container. -Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
resourceName string - Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+ Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
 true
restartPolicy string - Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+ Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
 true
@@ -6925,23 +7961,33 @@ Compute Resources required by this container. Cannot be updated. More info: http @@ -6968,7 +8014,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6980,7 +8028,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -6995,42 +8045,63 @@ SecurityContext defines the security options the container should be run with. I @@ -7039,14 +8110,23 @@ SecurityContext defines the security options the container should be run with. I @@ -7055,21 +8135,31 @@ SecurityContext defines the security options the container should be run with. I @@ -7081,7 +8171,9 @@ SecurityContext defines the security options the container should be run with. I -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -7115,7 +8207,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -7163,7 +8259,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -7178,15 +8277,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -7198,7 +8305,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -7213,7 +8323,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -7227,14 +8339,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -7246,7 +8364,13 @@ The Windows specific settings applied to all containers. If unspecified, the opt -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
@@ -7268,7 +8392,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7291,7 +8416,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7300,7 +8426,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7309,7 +8436,8 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7325,7 +8453,16 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7334,7 +8471,9 @@ StartupProbe indicates that the Pod has successfully initialized. If specified, @@ -7363,7 +8502,11 @@ Exec specifies the action to take. @@ -7399,8 +8542,11 @@ GRPC specifies an action involving a GRPC port. @@ -7427,14 +8573,17 @@ HTTPGet specifies the http request to perform. @@ -7455,7 +8604,8 @@ HTTPGet specifies the http request to perform. @@ -7482,7 +8632,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7516,7 +8667,9 @@ TCPSocket specifies an action involving a TCP port. @@ -7584,7 +8737,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -7598,28 +8752,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -7646,14 +8808,25 @@ Actions that the management system should take in response to container lifecycl @@ -7665,7 +8838,10 @@ Actions that the management system should take in response to container lifecycl -PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
service string - Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
postStart object - PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
preStop object - PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
 false
@@ -7701,7 +8877,9 @@ PostStart is called immediately after a container is created. If the handler fai @@ -7728,7 +8906,11 @@ Exec specifies the action to take. @@ -7755,14 +8937,17 @@ HTTPGet specifies the http request to perform. @@ -7783,7 +8968,8 @@ HTTPGet specifies the http request to perform. @@ -7810,7 +8996,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -7858,7 +9045,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -7873,7 +9062,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -7892,7 +9083,15 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -7928,7 +9127,9 @@ PreStop is called immediately before a container is terminated due to an API req @@ -7955,7 +9156,11 @@ Exec specifies the action to take. @@ -7982,14 +9187,17 @@ HTTPGet specifies the http request to perform. @@ -8010,7 +9218,8 @@ HTTPGet specifies the http request to perform. @@ -8037,7 +9246,8 @@ HTTPHeader describes a custom header to be used in HTTP probes @@ -8085,7 +9295,9 @@ Sleep represents the duration that the container should sleep before being termi -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
tcpSocket object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
 false
command []string - Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
 false
port int or string - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
host string - Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
 false
scheme string - Scheme to use for connecting to the host. Defaults to HTTP.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
 false
name string - The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
 true
@@ -8100,7 +9312,9 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba @@ -8119,7 +9333,8 @@ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the ba -Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline. +Liveness config for the OpenTelemetry Collector except the probe handler which is auto generated from the health extension of the collector. +It is only effective when healthcheckextension is configured in the OpenTelemetry Collector pipeline.
port int or string - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
 true
@@ -8134,7 +9349,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8143,7 +9359,9 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8152,7 +9370,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8161,7 +9380,8 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8170,7 +9390,16 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8179,7 +9408,9 @@ Liveness config for the OpenTelemetry Collector except the probe handler which i @@ -8235,7 +9466,8 @@ Metrics defines the metrics configuration for operands. @@ -8247,7 +9479,8 @@ Metrics defines the metrics configuration for operands. -PodDisruptionBudget specifies the pod disruption budget configuration to use for the AmazonCloudWatchAgent workload. +PodDisruptionBudget specifies the pod disruption budget configuration to use +for the AmazonCloudWatchAgent workload.
failureThreshold integer - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.

Format: int32
initialDelaySeconds integer - Number of seconds after the container has started before liveness probes are initiated. Defaults to 0 seconds. Minimum value is 0. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after the container has started before liveness probes are initiated. +Defaults to 0 seconds. Minimum value is 0. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
periodSeconds integer - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.

Format: int32
successThreshold integer - Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

Format: int32
terminationGracePeriodSeconds integer - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.

Format: int64
timeoutSeconds integer - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
enableMetrics boolean - EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. The operator.observability.prometheus feature gate must be enabled to use this feature.
+ EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar mode) should be created for the service managed by the OpenTelemetry Operator. +The operator.observability.prometheus feature gate must be enabled to use this feature.
 false
@@ -8262,14 +9495,20 @@ PodDisruptionBudget specifies the pod disruption budget configuration to use for @@ -8281,8 +9520,12 @@ PodDisruptionBudget specifies the pod disruption budget configuration to use for -PodSecurityContext configures the pod security context for the amazon-cloudwatch-agent pod, when running as a deployment, daemonset, or statefulset. - In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting. +PodSecurityContext configures the pod security context for the +amazon-cloudwatch-agent pod, when running as a deployment, daemonset, +or statefulset. + + +In sidecar mode, the amazon-cloudwatch-agent-operator will ignore this setting.
maxUnavailable int or string - An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ An eviction is allowed if at most "maxUnavailable" pods selected by +"selector" are unavailable after the eviction, i.e. even in absence of +the evicted pod. For example, one can prevent all voluntary evictions +by specifying 0. This is a mutually exclusive setting with "minAvailable".
 false
minAvailable int or string - An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
+ An eviction is allowed if at least "minAvailable" pods selected by +"selector" will still be available after the eviction, i.e. even in the +absence of the evicted pod. So for example you can prevent all voluntary +evictions by specifying "100%".
 false
@@ -8297,9 +9540,18 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8308,14 +9560,25 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8324,14 +9587,24 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8340,35 +9613,52 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch @@ -8380,7 +9670,12 @@ PodSecurityContext configures the pod security context for the amazon-cloudwatch -The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
fsGroup integer - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+ A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
fsGroupChangePolicy string - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
 false
supplementalGroups []integer - A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+ A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows.
 false
sysctls []object - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -8428,7 +9723,8 @@ The SELinux context to be applied to all containers. If unspecified, the contain -The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
@@ -8443,15 +9739,23 @@ The seccomp options to use by the containers in this pod. Note that this field c @@ -8497,7 +9801,10 @@ Sysctl defines a kernel parameter to be set -The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -8512,7 +9819,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8526,14 +9835,20 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8569,24 +9884,50 @@ ServicePort contains information on service's port. @@ -8595,7 +9936,8 @@ ServicePort contains information on service's port. @@ -8604,7 +9946,14 @@ ServicePort contains information on service's port. @@ -8631,23 +9980,33 @@ Resources to set on the OpenTelemetry Collector pods. @@ -8674,7 +10033,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -8686,9 +10047,17 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. +SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -8703,42 +10072,63 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8747,14 +10137,23 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8763,21 +10162,31 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -8789,7 +10198,9 @@ SecurityContext configures the container security context for the amazon-cloudwa -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -8823,7 +10234,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -8871,7 +10286,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -8886,15 +10304,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -8906,7 +10332,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -8921,7 +10350,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -8935,26 +10366,32 @@ The Windows specific settings applied to all containers. If unspecified, the opt
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
-### AmazonCloudWatchAgent.spec.tolerations[index] +### AmazonCloudWatchAgent.spec.targetAllocator [↩ Parent](#amazoncloudwatchagentspec) -The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . +TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. @@ -8966,137 +10403,130 @@ The pod this Toleration is attached to tolerates any taint that matches the trip - - + + - - + + - - + + - - + + - + - -
effectstringaffinityobject - Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ If specified, indicates the pod's scheduling constraints
 false
keystringallocationStrategyenum - Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ AllocationStrategy determines which strategy the target allocator should use for allocation. +The current options are least-weighted and consistent-hashing. The default option is least-weighted
+
+ Enum: least-weighted, consistent-hashing
 false
operatorstringenabledboolean - Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+ Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not.
 false
tolerationSecondsintegerenv[]object - TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
+ ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be +consumed in the config file for the TargetAllocator.
 false
valuefilterStrategy string - Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+ FilterStrategy determines how to filter targets before allocating them among the collectors. +The only current option is relabel-config (drops targets based on prom relabel_config). +Filtering is disabled by default.
 false
- - -### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] -[↩ Parent](#amazoncloudwatchagentspec) - - - -TopologySpreadConstraint specifies how to spread matching pods among the given topology. - - - - - - - - - - - - - - - - + - + - - + + - + - + - - + + - - + + - - + + - + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger - MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-
- Format: int32
- 		true
topologyKeyimage string - TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+ Image indicates the container image to use for the OpenTelemetry TargetAllocator.
truefalse
whenUnsatisfiablestringnodeSelectormap[string]string - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+ NodeSelector to schedule OpenTelemetry TargetAllocator pods.
truefalse
labelSelectorprometheusCR object - LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+ PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. +All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces.
 false
matchLabelKeys[]stringreplicasinteger - MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value +other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy +that can be run in a high availability mode is consistent-hashing.
+
+ Format: int32
 false
minDomainsintegerresourcesobject - MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
- Format: int32
+ Resources to set on the OpenTelemetryTargetAllocator containers.
 false
nodeAffinityPolicystringsecurityContextobject - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ SecurityContext configures the container security context for +the targetallocator.
 false
nodeTaintsPolicyserviceAccount string - NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. - If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the TargetAllocator.
+ 		false
tolerations[]object + Toleration embedded kubernetes pod configuration option, +controls how pods can be scheduled with matching taints
+ 		false
topologySpreadConstraints[]object + TopologySpreadConstraints embedded kubernetes pod configuration option, +controls how pods are spread across your cluster among failure-domains +such as regions, zones, nodes, and other user-defined topology domains +https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 false
-### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity +[↩ Parent](#amazoncloudwatchagentspectargetallocator) -LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. +If specified, indicates the pod's scheduling constraints @@ -9108,29 +10538,36 @@ LabelSelector is used to find matching pods. Pods that match this label selector - - + + - - + + + + + + +
matchExpressions[]objectnodeAffinityobject - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ Describes node affinity scheduling rules for the pod.
 false
matchLabelsmap[string]stringpodAffinityobject + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ 		false
podAntiAffinityobject - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
 false
-### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +Describes node affinity scheduling rules for the pod. @@ -9142,36 +10579,42 @@ A label selector requirement is a selector that contains values, a key, and an o - - - - - - - + + - + - - + +
keystring - key is the label key that the selector applies to.
- 		true
operatorstringpreferredDuringSchedulingIgnoredDuringExecution[]object - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
truefalse
values[]stringrequiredDuringSchedulingIgnoredDuringExecutionobject - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
-### AmazonCloudWatchAgent.spec.updateStrategy -[↩ Parent](#amazoncloudwatchagentspec) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) -UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec This is only applicable to Daemonset mode. +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). @@ -9183,29 +10626,31 @@ UpdateStrategy represents the strategy the operator will take replacing existing - + - + - - + + - +
rollingUpdatepreference object - Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345
+ A node selector term, associated with the corresponding weight.
falsetrue
typestringweightinteger - Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+ Format: int32
falsetrue
-### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate -[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) -Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345 +A node selector term, associated with the corresponding weight. @@ -9217,29 +10662,30 @@ Rolling update config params. Present only if type = "RollingUpdate". --- TODO: - - + + - - + +
maxSurgeint or stringmatchExpressions[]object - The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.
+ A list of node selector requirements by node's labels.
 false
maxUnavailableint or stringmatchFields[]object - The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+ A list of node selector requirements by node's fields.
 false
-### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] -[↩ Parent](#amazoncloudwatchagentspec) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) -PersistentVolumeClaim is a user's request for and claim to a persistent volume +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. @@ -9251,50 +10697,42 @@ PersistentVolumeClaim is a user's request for and claim to a persistent volume - + - + - + - - - - - - - - - - - + - - + +
apiVersionkey string - APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ The label key that the selector applies to.
falsetrue
kindoperator string - Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- 		false
metadataobject - Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- 		false
specobject - spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
falsetrue
statusobjectvalues[]string - status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
-### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata -[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) -Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. @@ -9306,17 +10744,2998 @@ Standard object's metadata. More info: https://git.k8s.io/community/contributors - - + + - + - - + + + + + + + + + +
annotationsmap[string]stringkeystring -
+ The label key that the selector applies to.
falsetrue
finalizers[]stringoperatorstring -
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinity) + + + +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
nodeSelectorTerms[]object + Required. A list of node selector terms. The terms are ORed.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecution) + + + +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + A list of node selector requirements by node's labels.
+ 		false
matchFields[]object + A list of node selector requirements by node's fields.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+ 		true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ 		true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinity) + + + +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinity) + + + +Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
+ 		false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
podAffinityTermobject + Required. A pod affinity term, associated with the corresponding weight.
+ 		true
weightinteger + weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +Required. A pod affinity term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinity) + + + +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
topologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+ 		true
labelSelectorobject + A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
mismatchLabelKeys[]string + MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ 		false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+ 		false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) + + + +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatoraffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+ 		true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+ 		false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+ 		false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ 		false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ 		false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.configMapKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+ 		true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.fieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+ 		true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.resourceFieldRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+ 		true
containerNamestring + Container name: required for volumes, optional for env vars
+ 		false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.env[index].valueFrom.secretKeyRef +[↩ Parent](#amazoncloudwatchagentspectargetallocatorenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+ 		true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+ 		false
optionalboolean + Specify whether the Secret or its key must be defined
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.prometheusCR +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. +All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled indicates whether to use a PrometheusOperator custom resources as targets or not.
+ 		false
podMonitorSelectormap[string]string + PodMonitors to be selected for target discovery. +This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a +PodMonitor's meta labels. The requirements are ANDed.
+ 		false
scrapeIntervalstring + Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + + +Default: "30s"
+
+ Format: duration
+ Default: 30s
+ 		false
serviceMonitorSelectormap[string]string + ServiceMonitors to be selected for target discovery. +This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a +ServiceMonitor's meta labels. The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +Resources to set on the OpenTelemetryTargetAllocator containers. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+ 		false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ 		false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.resources.claims[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +SecurityContext configures the container security context for +the targetallocator. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsGroupinteger + A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
fsGroupChangePolicystring + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
runAsGroupinteger + The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
runAsNonRootboolean + Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
runAsUserinteger + The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+ 		false
seLinuxOptionsobject + The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
seccompProfileobject + The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
supplementalGroups[]integer + A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
sysctls[]object + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows.
+ 		false
windowsOptionsobject + The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seLinuxOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
levelstring + Level is SELinux level label that applies to the container.
+ 		false
rolestring + Role is a SELinux role label that applies to the container.
+ 		false
typestring + Type is a SELinux type label that applies to the container.
+ 		false
userstring + User is a SELinux user label that applies to the container.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.seccompProfile +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
+ 		true
localhostProfilestring + localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.sysctls[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +Sysctl defines a kernel parameter to be set + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of a property to set
+ 		true
valuestring + Value of a property to set
+ 		true
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.securityContext.windowsOptions +[↩ Parent](#amazoncloudwatchagentspectargetallocatorsecuritycontext) + + + +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gmsaCredentialSpecstring + GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
+ 		false
gmsaCredentialSpecNamestring + GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ 		false
hostProcessboolean + HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
+ 		false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.tolerations[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocator) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +| zone1 | zone2 | zone3 | +| P P | P P | P | +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
+ 		true
topologyKeystring + TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field.
+ 		true
whenUnsatisfiablestring + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +| zone1 | zone2 | zone3 | +| P P P | P | P | +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field.
+ 		true
labelSelectorobject + LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ 		false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +| zone1 | zone2 | zone3 | +| P P | P P | P P | +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. + + +This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
+ 		false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindex) + + + +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.targetAllocator.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectargetallocatortopologyspreadconstraintsindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.tolerations[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +TopologySpreadConstraint specifies how to spread matching pods among the given topology. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +| zone1 | zone2 | zone3 | +| P P | P P | P | +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
+ 		true
topologyKeystring + TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field.
+ 		true
whenUnsatisfiablestring + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +| zone1 | zone2 | zone3 | +| P P P | P | P | +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field.
+ 		true
labelSelectorobject + LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain.
+ 		false
matchLabelKeys[]string + MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ 		false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +| zone1 | zone2 | zone3 | +| P P | P P | P P | +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. + + +This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
+ 		false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindex) + + + +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ 		false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#amazoncloudwatchagentspectopologyspreadconstraintsindexlabelselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+ 		true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+ 		true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.updateStrategy +[↩ Parent](#amazoncloudwatchagentspec) + + + +UpdateStrategy represents the strategy the operator will take replacing existing DaemonSet pods with new pods +https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec +This is only applicable to Daemonset mode. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
rollingUpdateobject + Rolling update config params. Present only if type = "RollingUpdate". +--- +TODO: Update this to follow our convention for oneOf, whatever we decide it +to be. Same as Deployment `strategy.rollingUpdate`. +See https://github.com/kubernetes/kubernetes/issues/35345
+ 		false
typestring + Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.updateStrategy.rollingUpdate +[↩ Parent](#amazoncloudwatchagentspecupdatestrategy) + + + +Rolling update config params. Present only if type = "RollingUpdate". +--- +TODO: Update this to follow our convention for oneOf, whatever we decide it +to be. Same as Deployment `strategy.rollingUpdate`. +See https://github.com/kubernetes/kubernetes/issues/35345 + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
maxSurgeint or string + The maximum number of nodes with an existing available DaemonSet pod that +can have an updated DaemonSet pod during during an update. +Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). +This can not be 0 if MaxUnavailable is 0. +Absolute number is calculated from percentage by rounding up to a minimum of 1. +Default value is 0. +Example: when this is set to 30%, at most 30% of the total number of nodes +that should be running the daemon pod (i.e. status.desiredNumberScheduled) +can have their a new pod created before the old pod is marked as deleted. +The update starts by launching new pods on 30% of nodes. Once an updated +pod is available (Ready for at least minReadySeconds) the old DaemonSet pod +on that node is marked deleted. If the old pod becomes unavailable for any +reason (Ready transitions to false, is evicted, or is drained) an updated +pod is immediatedly created on that node without considering surge limits. +Allowing surge implies the possibility that the resources consumed by the +daemonset on any given node can double if the readiness check fails, and +so resource intensive daemonsets should take into account that they may +cause evictions during disruption.
+ 		false
maxUnavailableint or string + The maximum number of DaemonSet pods that can be unavailable during the +update. Value can be an absolute number (ex: 5) or a percentage of total +number of DaemonSet pods at the start of the update (ex: 10%). Absolute +number is calculated from percentage by rounding up. +This cannot be 0 if MaxSurge is 0 +Default value is 1. +Example: when this is set to 30%, at most 30% of the total number of nodes +that should be running the daemon pod (i.e. status.desiredNumberScheduled) +can have their pods stopped for an update at any given time. The update +starts by stopping at most 30% of those DaemonSet pods and then brings +up new DaemonSet pods in their place. Once the new pods are available, +it then proceeds onto other DaemonSet pods, thus ensuring that at least +70% of original number of DaemonSet pods are available at all times during +the update.
+ 		false
+ + +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index] +[↩ Parent](#amazoncloudwatchagentspec) + + + +PersistentVolumeClaim is a user's request for and claim to a persistent volume + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstring + APIVersion defines the versioned schema of this representation of an object. +Servers should convert recognized schemas to the latest internal value, and +may reject unrecognized values. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ 		false
kindstring + Kind is a string value representing the REST resource this object represents. +Servers may infer this from the endpoint the client submits requests to. +Cannot be updated. +In CamelCase. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ 		false
metadataobject + Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ 		false
specobject + spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ 		false
statusobject + status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ 		false
+ + +### AmazonCloudWatchAgent.spec.volumeClaimTemplates[index].metadata +[↩ Parent](#amazoncloudwatchagentspecvolumeclaimtemplatesindex) + + + +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + + + + + + + + + + + + + + + + + + + @@ -9349,7 +13768,8 @@ Standard object's metadata. More info: https://git.k8s.io/community/contributors -spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
NameTypeDescriptionRequired
annotationsmap[string]string +
+ 		false
finalizers[]string +
false
@@ -9364,28 +13784,62 @@ spec defines the desired characteristics of a volume requested by a pod author. @@ -9399,21 +13853,34 @@ spec defines the desired characteristics of a volume requested by a pod author. @@ -9432,7 +13899,14 @@ spec defines the desired characteristics of a volume requested by a pod author. -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -9461,7 +13935,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -9473,7 +13949,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -9502,14 +14000,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -9521,7 +14023,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -9536,14 +14042,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -9577,7 +14087,9 @@ selector is a label query over volumes to consider for binding. @@ -9589,7 +14101,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -9611,14 +14124,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -9630,7 +14147,9 @@ A label selector requirement is a selector that contains values, a key, and an o -status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -9645,27 +14164,83 @@ status represents the current information/status of a persistent volume claim. R @@ -9679,21 +14254,26 @@ status represents the current information/status of a persistent volume claim. R @@ -9766,7 +14346,9 @@ PersistentVolumeClaimCondition contains details about state of pvc @@ -9778,7 +14360,9 @@ PersistentVolumeClaimCondition contains details about state of pvc -ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature. +ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature.
accessModes []string - accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the actual access modes the volume backing the PVC has. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
allocatedResourceStatuses map[string]string - allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. - A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResourceStatuses stores status of resource being resized for the given PVC. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller starts resizing the volume in control-plane. + - ControllerResizeFailed: + State set when resize has failed in resize controller with a terminal error. + - NodeResizePending: + State set when resize controller has finished resizing the volume but further resizing of + volume is needed on the node. + - NodeResizeInProgress: + State set when kubelet starts resizing the volume. + - NodeResizeFailed: + State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + NodeResizeFailed. +For example: if expanding a PVC for more capacity - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" +When this field is not set, it means that no resize operation is in progress for the given PVC. + + +A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
allocatedResources map[string]int or string - allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. - Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. - A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ allocatedResources tracks the resources allocated to a PVC including its capacity. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +Capacity reported here may be larger than the actual capacity when a volume expansion operation +is requested. +For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. +If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. +If a volume expansion capacity request is lowered, allocatedResources is only +lowered if there are no expansion operations in progress and if the actual volume capacity +is equal or lower than the requested capacity. + + +A controller that receives PVC update with previously unknown resourceName +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 false
conditions []object - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+ conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'ResizeStarted'.
 false
currentVolumeAttributesClassName string - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is an alpha field and requires enabling VolumeAttributesClass feature.
+ currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. +When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim +This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
modifyVolumeStatus object - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is an alpha field and requires enabling VolumeAttributesClass feature.
+ ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. +When this is unset, there is no ModifyVolume operation being attempted. +This is an alpha field and requires enabling VolumeAttributesClass feature.
 false
reason string - reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+ reason is a unique, this should be a short, machine understandable string that gives the reason +for condition's last transition. If it reports "ResizeStarted" that means the underlying +persistent volume is being resized.
 false
@@ -9793,7 +14377,16 @@ ModifyVolumeStatus represents the status object of ControllerModifyVolume operat @@ -9827,7 +14420,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -9841,28 +14435,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -9889,14 +14491,18 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9924,7 +14530,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9952,18 +14559,42 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9977,7 +14608,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -9991,49 +14623,67 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10068,7 +14718,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10082,7 +14733,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -10108,7 +14760,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
status string - status is the status of the ControllerModifyVolume operation. It can be in any of following states: - Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing. - InProgress InProgress indicates that the volume is being modified. - Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
+ status is the status of the ControllerModifyVolume operation. It can be in any of following states: + - Pending + Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as + the specified VolumeAttributesClass not existing. + - InProgress + InProgress indicates that the volume is being modified. + - Infeasible + Infeasible indicates that the request has been rejected as invalid by the CSI driver. To + resolve the error, a valid VolumeAttributesClass needs to be specified. +Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
 true
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -10123,21 +14777,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -10146,7 +14808,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -10194,7 +14857,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -10208,7 +14873,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -10249,7 +14915,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -10276,7 +14943,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -10290,28 +14958,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -10323,7 +14996,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -10338,7 +15012,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -10350,7 +15026,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -10365,28 +15042,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -10398,7 +15082,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -10413,7 +15098,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -10440,7 +15127,13 @@ configMap represents a configMap that should populate this volume @@ -10449,14 +15142,22 @@ configMap represents a configMap that should populate this volume @@ -10497,14 +15198,22 @@ Maps a string key to a path within a volume. @@ -10533,35 +15242,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -10573,7 +15291,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -10588,7 +15310,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -10615,7 +15339,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -10665,7 +15396,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -10674,7 +15410,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -10720,7 +15457,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -10761,7 +15499,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -10776,14 +15515,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -10795,11 +15542,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -10814,10 +15584,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -10829,10 +15619,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -10847,14 +15657,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -10866,7 +15681,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -10881,28 +15699,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -10916,21 +15768,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -10949,7 +15814,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -10978,7 +15850,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -10990,7 +15864,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -11019,14 +15915,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -11038,7 +15938,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -11053,14 +15957,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -11094,7 +16002,9 @@ selector is a label query over volumes to consider for binding. @@ -11106,7 +16016,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -11128,14 +16039,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -11147,7 +16062,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -11217,7 +16134,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11233,7 +16153,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11247,7 +16168,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -11259,7 +16181,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -11281,7 +16204,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -11295,14 +16220,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -11314,7 +16244,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -11329,7 +16263,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -11356,7 +16292,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -11375,7 +16312,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -11390,21 +16329,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -11413,7 +16361,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -11425,7 +16375,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -11447,7 +16400,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -11466,7 +16422,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -11481,21 +16438,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -11507,7 +16468,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -11522,14 +16490,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -11541,7 +16513,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -11572,7 +16546,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -11593,35 +16568,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -11655,7 +16639,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -11667,7 +16653,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -11682,21 +16669,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -11708,7 +16699,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -11723,14 +16716,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -11764,7 +16759,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -11798,14 +16795,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -11832,7 +16832,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -11868,10 +16873,22 @@ Projection that may be projected along with other supported volume types @@ -11911,10 +16928,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -11936,28 +16965,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -11969,7 +17008,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -11991,7 +17033,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -12003,7 +17047,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -12025,14 +17070,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -12059,14 +17108,22 @@ configMap information about the configMap data to project @@ -12107,14 +17164,22 @@ Maps a string key to a path within a volume. @@ -12184,7 +17249,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -12193,7 +17263,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -12239,7 +17310,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -12295,14 +17367,22 @@ secret information about the secret data to project @@ -12343,14 +17423,22 @@ Maps a string key to a path within a volume. @@ -12379,21 +17467,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -12422,7 +17519,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -12436,28 +17535,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -12469,7 +17572,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -12484,56 +17588,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -12545,7 +17666,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -12560,7 +17684,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -12594,7 +17720,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12608,7 +17735,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12622,7 +17752,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12636,7 +17767,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12650,7 +17782,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -12662,7 +17795,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -12677,7 +17811,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -12689,7 +17825,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -12704,7 +17841,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12713,7 +17856,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12727,7 +17876,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -12761,14 +17911,22 @@ Maps a string key to a path within a volume. @@ -12797,35 +17955,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -12837,7 +18005,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -12852,7 +18021,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -12886,7 +18057,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -12934,14 +18107,16 @@ AmazonCloudWatchAgentStatus defines the observed state of AmazonCloudWatchAgent. @@ -12984,7 +18159,8 @@ Scale is the AmazonCloudWatchAgent's scale subresource status. @@ -12993,14 +18169,17 @@ Scale is the AmazonCloudWatchAgent's scale subresource status. @@ -13094,7 +18273,8 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13115,14 +18295,17 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13136,7 +18319,8 @@ DcgmExporterSpec defines the desired state of DcgmExporter. @@ -13146,6 +18330,14 @@ DcgmExporterSpec defines the desired state of DcgmExporter. TlsConfig is the raw YAML to be used as the exporter TLS configuration.
+ + + + + @@ -13225,14 +18417,26 @@ Describes node affinity scheduling rules for the pod. @@ -13244,7 +18448,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "AmazonCloudWatchAgent.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
env []object - ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the DCGM Exporter Pods. These can then in certain cases be +consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule DCGM Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule DCGM Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
 false
false
tolerations[]object + Toleration to schedule DCGM Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
+ 		false
volumeMounts []objectpreferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -13314,7 +18519,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -13336,14 +18542,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13355,7 +18566,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13377,14 +18589,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13396,7 +18613,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13423,7 +18644,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -13457,7 +18680,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -13479,14 +18703,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13498,7 +18727,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -13520,14 +18750,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -13554,14 +18789,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -13595,7 +18844,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -13624,42 +18874,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -13671,7 +18949,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -13693,7 +18972,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -13705,7 +18986,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13727,14 +19009,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13746,7 +19032,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13768,7 +19058,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -13780,7 +19072,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13802,14 +19095,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13821,7 +19118,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13836,42 +19138,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -13883,7 +19213,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -13905,7 +19236,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -13917,7 +19250,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -13939,14 +19273,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -13958,7 +19296,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -13980,7 +19322,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -13992,7 +19336,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14014,14 +19359,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14048,14 +19397,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -14089,7 +19452,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -14118,42 +19482,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -14165,7 +19557,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -14187,7 +19580,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -14199,7 +19594,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14221,14 +19617,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14240,7 +19640,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14262,7 +19666,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -14274,7 +19680,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14296,14 +19703,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14315,7 +19726,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14330,42 +19746,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -14377,7 +19821,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -14399,7 +19844,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -14411,7 +19858,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14433,14 +19881,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14452,7 +19904,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -14474,7 +19930,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -14486,7 +19944,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -14508,14 +19967,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -14549,7 +20012,15 @@ EnvVar represents an environment variable present in a Container. @@ -14590,14 +20061,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -14638,7 +20111,9 @@ Selects a key of a ConfigMap. @@ -14657,7 +20132,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -14691,7 +20167,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -14754,7 +20231,9 @@ Selects a key of a secret in the pod's namespace @@ -14797,24 +20276,50 @@ ServicePort contains information on service's port. @@ -14823,7 +20328,8 @@ ServicePort contains information on service's port. @@ -14832,7 +20338,14 @@ ServicePort contains information on service's port. @@ -14859,23 +20372,33 @@ Resources to set on the DCGM Exporter pods. @@ -14902,13 +20425,82 @@ ResourceClaim references one entry in PodSpec.ResourceClaims.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
+### DcgmExporter.spec.tolerations[index] +[↩ Parent](#dcgmexporterspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+ 		false
+ + ### DcgmExporter.spec.volumeMounts[index] [↩ Parent](#dcgmexporterspec) @@ -14929,7 +20521,8 @@ VolumeMount describes a mounting of a Volume within a container. mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
true @@ -14943,28 +20536,36 @@ VolumeMount describes a mounting of a Volume within a container. mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
false readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
false subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
false subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
false @@ -14991,14 +20592,18 @@ Volume represents a named volume in a pod that may be accessed by any container name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
true awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -15026,7 +20631,8 @@ Volume represents a named volume in a pod that may be accessed by any container cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false @@ -15054,18 +20660,42 @@ Volume represents a named volume in a pod that may be accessed by any container emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
false @@ -15079,7 +20709,8 @@ Volume represents a named volume in a pod that may be accessed by any container flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
false @@ -15093,49 +20724,67 @@ Volume represents a named volume in a pod that may be accessed by any container gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
false glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
false hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
false iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
false nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false @@ -15170,7 +20819,8 @@ Volume represents a named volume in a pod that may be accessed by any container rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
false @@ -15184,7 +20834,8 @@ Volume represents a named volume in a pod that may be accessed by any container secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false @@ -15210,7 +20861,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -15225,21 +20878,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -15248,7 +20909,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -15296,7 +20958,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -15310,7 +20974,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -15351,7 +21016,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -15378,7 +21044,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -15392,28 +21059,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -15425,7 +21097,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -15440,7 +21113,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -15452,7 +21127,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -15467,28 +21143,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -15500,7 +21183,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -15515,7 +21199,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -15542,7 +21228,13 @@ configMap represents a configMap that should populate this volume @@ -15551,14 +21243,22 @@ configMap represents a configMap that should populate this volume @@ -15599,14 +21299,22 @@ Maps a string key to a path within a volume. @@ -15635,35 +21343,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -15675,7 +21392,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -15690,7 +21411,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -15717,7 +21440,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -15767,7 +21497,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15776,7 +21511,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -15822,7 +21558,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -15863,7 +21600,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -15878,14 +21616,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -15897,11 +21643,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -15916,10 +21685,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -15931,10 +21720,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -15949,14 +21758,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -15968,7 +21782,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -15983,28 +21800,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -16018,21 +21869,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -16051,7 +21915,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -16080,7 +21951,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -16092,7 +21965,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -16121,14 +22016,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -16140,7 +22039,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -16155,14 +22058,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -16196,7 +22103,9 @@ selector is a label query over volumes to consider for binding. @@ -16208,7 +22117,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -16230,14 +22140,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -16249,7 +22163,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -16319,7 +22235,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16335,7 +22254,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16349,7 +22269,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -16361,7 +22282,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -16383,7 +22305,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -16397,14 +22321,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -16416,7 +22345,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -16431,7 +22364,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -16458,7 +22393,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -16477,7 +22413,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -16492,21 +22430,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -16515,7 +22462,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -16527,7 +22476,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -16549,7 +22501,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -16568,7 +22523,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -16583,21 +22539,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -16609,7 +22569,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -16624,14 +22591,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -16643,7 +22614,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -16674,7 +22647,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -16695,35 +22669,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -16757,7 +22740,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -16769,7 +22754,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -16784,21 +22770,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -16810,7 +22800,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -16825,14 +22817,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -16866,7 +22860,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -16900,14 +22896,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -16934,7 +22933,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -16970,10 +22974,22 @@ Projection that may be projected along with other supported volume types @@ -17013,10 +23029,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -17038,28 +23066,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -17071,7 +23109,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -17093,7 +23134,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -17105,7 +23148,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -17127,14 +23171,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -17161,14 +23209,22 @@ configMap information about the configMap data to project @@ -17209,14 +23265,22 @@ Maps a string key to a path within a volume. @@ -17286,7 +23350,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17295,7 +23364,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -17341,7 +23411,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -17397,14 +23468,22 @@ secret information about the secret data to project @@ -17445,14 +23524,22 @@ Maps a string key to a path within a volume. @@ -17481,21 +23568,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -17524,7 +23620,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -17538,28 +23636,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -17571,7 +23673,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -17586,56 +23689,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -17647,7 +23767,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -17662,7 +23785,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -17696,7 +23821,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17710,7 +23836,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17724,7 +23853,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17738,7 +23868,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17752,7 +23883,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -17764,7 +23896,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -17779,7 +23912,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -17791,7 +23926,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -17806,7 +23942,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17815,7 +23957,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17829,7 +23977,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -17863,14 +24012,22 @@ Maps a string key to a path within a volume. @@ -17899,35 +24056,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -17939,7 +24106,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -17954,7 +24122,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -17988,7 +24158,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -18036,14 +24208,16 @@ DcgmExporterStatus defines the observed state of DcgmExporter. @@ -18086,7 +24260,8 @@ Scale is the DcgmExporter's scale subresource status. @@ -18095,14 +24270,17 @@ Scale is the DcgmExporter's scale subresource status. @@ -18196,7 +24374,9 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18210,7 +24390,10 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18238,7 +24421,9 @@ InstrumentationSpec defines the desired state of OpenTelemetry SDK and instrumen @@ -18286,21 +24471,26 @@ ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. @@ -18328,7 +24518,8 @@ ApacheHttpd defines configuration for Apache HTTPD auto-instrumentation. @@ -18362,7 +24553,15 @@ EnvVar represents an environment variable present in a Container. @@ -18403,14 +24602,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -18451,7 +24652,9 @@ Selects a key of a ConfigMap. @@ -18470,7 +24673,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "DcgmExporter.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
env []object - Env defines common env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines common env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
go object - Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
+ Go defines configuration for Go auto-instrumentation. +When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the +Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. +Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
 false
propagators []enum - Propagators defines inter-process context propagation configuration. Values in this list will be set in the OTEL_PROPAGATORS env var. Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
+ Propagators defines inter-process context propagation configuration. +Values in this list will be set in the OTEL_PROPAGATORS env var. +Enum=tracecontext;baggage;b3;b3multi;jaeger;xray;ottrace;none
 false
attrs []object - Attrs defines Apache HTTPD agent specific attributes. The precedence is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Apache HTTPD agent specific attributes. The precedence is: +`agent default attributes` > `instrument spec attributes` . +Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configPath string - Location of Apache HTTPD server configuration. Needed only if different from default "/usr/local/apache2/conf"
+ Location of Apache HTTPD server configuration. +Needed only if different from default "/usr/local/apache2/conf"
 false
env []object - Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Apache HTTPD specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -18504,7 +24708,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -18567,7 +24772,9 @@ Selects a key of a secret in the pod's namespace @@ -18608,7 +24815,15 @@ EnvVar represents an environment variable present in a Container. @@ -18649,14 +24864,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -18697,7 +24914,9 @@ Selects a key of a ConfigMap. @@ -18716,7 +24935,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -18750,7 +24970,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -18813,7 +25034,9 @@ Selects a key of a secret in the pod's namespace @@ -18847,23 +25070,33 @@ Resources describes the compute resource requirements. @@ -18890,7 +25123,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -18917,7 +25152,9 @@ DotNet defines configuration for DotNet auto-instrumentation. @@ -18938,7 +25175,8 @@ DotNet defines configuration for DotNet auto-instrumentation. @@ -18972,7 +25210,15 @@ EnvVar represents an environment variable present in a Container. @@ -19013,14 +25259,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19061,7 +25309,9 @@ Selects a key of a ConfigMap. @@ -19080,7 +25330,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines DotNet specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines DotNet specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19114,7 +25365,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19177,7 +25429,9 @@ Selects a key of a secret in the pod's namespace @@ -19211,23 +25465,33 @@ Resources describes the compute resource requirements. @@ -19254,7 +25518,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19288,7 +25554,15 @@ EnvVar represents an environment variable present in a Container. @@ -19329,14 +25603,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19377,7 +25653,9 @@ Selects a key of a ConfigMap. @@ -19396,7 +25674,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19430,7 +25709,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19493,7 +25773,9 @@ Selects a key of a secret in the pod's namespace @@ -19539,7 +25821,10 @@ Exporter defines exporter configuration. -Go defines configuration for Go auto-instrumentation. When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged. +Go defines configuration for Go auto-instrumentation. +When using Go auto-instrumentation you must provide a value for the OTEL_GO_AUTO_TARGET_EXE env var via the +Instrumentation env vars or via the instrumentation.opentelemetry.io/otel-go-auto-target-exe pod annotation. +Failure to set this value causes instrumentation injection to abort, leaving the original pod unchanged.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19554,7 +25839,9 @@ Go defines configuration for Go auto-instrumentation. When using Go auto-instrum @@ -19575,7 +25862,8 @@ Go defines configuration for Go auto-instrumentation. When using Go auto-instrum @@ -19609,7 +25897,15 @@ EnvVar represents an environment variable present in a Container. @@ -19650,14 +25946,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -19698,7 +25996,9 @@ Selects a key of a ConfigMap. @@ -19717,7 +26017,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
env []object - Env defines Go specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Go specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -19751,7 +26052,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -19814,7 +26116,9 @@ Selects a key of a secret in the pod's namespace @@ -19848,23 +26152,33 @@ Resources describes the compute resource requirements. @@ -19891,7 +26205,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19918,7 +26234,9 @@ Java defines configuration for java auto-instrumentation. @@ -19939,7 +26257,8 @@ Java defines configuration for java auto-instrumentation. @@ -19973,7 +26292,15 @@ EnvVar represents an environment variable present in a Container. @@ -20014,14 +26341,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20062,7 +26391,9 @@ Selects a key of a ConfigMap. @@ -20081,7 +26412,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines java specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines java specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20115,7 +26447,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20178,7 +26511,9 @@ Selects a key of a secret in the pod's namespace @@ -20212,23 +26547,33 @@ Resources describes the compute resource requirements. @@ -20255,7 +26600,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -20282,21 +26629,26 @@ Nginx defines configuration for Nginx auto-instrumentation. @@ -20317,7 +26669,8 @@ Nginx defines configuration for Nginx auto-instrumentation. @@ -20351,7 +26704,15 @@ EnvVar represents an environment variable present in a Container. @@ -20392,14 +26753,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20440,7 +26803,9 @@ Selects a key of a ConfigMap. @@ -20459,7 +26824,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
attrs []object - Attrs defines Nginx agent specific attributes. The precedence order is: `agent default attributes` > `instrument spec attributes` . Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
+ Attrs defines Nginx agent specific attributes. The precedence order is: +`agent default attributes` > `instrument spec attributes` . +Attributes are documented at https://github.com/open-telemetry/opentelemetry-cpp-contrib/tree/main/instrumentation/otel-webserver-module
 false
configFile string - Location of Nginx configuration file. Needed only if different from default "/etx/nginx/nginx.conf"
+ Location of Nginx configuration file. +Needed only if different from default "/etx/nginx/nginx.conf"
 false
env []object - Env defines Nginx specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines Nginx specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20493,7 +26859,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20556,7 +26923,9 @@ Selects a key of a secret in the pod's namespace @@ -20597,7 +26966,15 @@ EnvVar represents an environment variable present in a Container. @@ -20638,14 +27015,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -20686,7 +27065,9 @@ Selects a key of a ConfigMap. @@ -20705,7 +27086,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -20739,7 +27121,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -20802,7 +27185,9 @@ Selects a key of a secret in the pod's namespace @@ -20836,23 +27221,33 @@ Resources describes the compute resource requirements. @@ -20879,7 +27274,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -20906,7 +27303,9 @@ NodeJS defines configuration for nodejs auto-instrumentation. @@ -20927,7 +27326,8 @@ NodeJS defines configuration for nodejs auto-instrumentation. @@ -20961,7 +27361,15 @@ EnvVar represents an environment variable present in a Container. @@ -21002,14 +27410,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -21050,7 +27460,9 @@ Selects a key of a ConfigMap. @@ -21069,7 +27481,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines nodejs specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines nodejs specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -21103,7 +27516,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -21166,7 +27580,9 @@ Selects a key of a secret in the pod's namespace @@ -21200,23 +27616,33 @@ Resources describes the compute resource requirements. @@ -21243,7 +27669,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -21270,7 +27698,9 @@ Python defines configuration for python auto-instrumentation. @@ -21291,7 +27721,8 @@ Python defines configuration for python auto-instrumentation. @@ -21325,7 +27756,15 @@ EnvVar represents an environment variable present in a Container. @@ -21366,14 +27805,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -21414,7 +27855,9 @@ Selects a key of a ConfigMap. @@ -21433,7 +27876,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
env []object - Env defines python specific env vars. There are four layers for env vars' definitions and the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. If the former var had been defined, then the other vars would be ignored.
+ Env defines python specific env vars. There are four layers for env vars' definitions and +the precedence order is: `original container env vars` > `language specific env vars` > `common env vars` > `instrument spec configs' vars`. +If the former var had been defined, then the other vars would be ignored.
 false
volumeLimitSize int or string - VolumeSizeLimit defines size limit for volume used for auto-instrumentation. The default size is 200Mi.
+ VolumeSizeLimit defines size limit for volume used for auto-instrumentation. +The default size is 200Mi.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -21467,7 +27911,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -21530,7 +27975,9 @@ Selects a key of a secret in the pod's namespace @@ -21564,23 +28011,33 @@ Resources describes the compute resource requirements. @@ -21607,7 +28064,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -21641,7 +28100,8 @@ Resource defines the configuration for the resource attributes, as defined by th @@ -21668,14 +28128,19 @@ Sampler defines sampling configuration. @@ -21771,14 +28236,22 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. @@ -21799,14 +28272,17 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. @@ -21820,16 +28296,33 @@ NeuronMonitorSpec defines the desired state of NeuronMonitor. + + + + + @@ -21911,14 +28404,26 @@ Describes node affinity scheduling rules for the pod. @@ -21930,7 +28435,8 @@ Describes node affinity scheduling rules for the pod. -An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
resourceAttributes map[string]string - Attributes defines attributes that are added to the resource. For example environment: dev
+ Attributes defines attributes that are added to the resource. +For example environment: dev
 false
argument string - Argument defines sampler argument. The value depends on the sampler type. For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
+ Argument defines sampler argument. +The value depends on the sampler type. +For instance for parentbased_traceidratio sampler type it is a number in range [0..1] e.g. 0.25. +The value will be set in the OTEL_TRACES_SAMPLER_ARG env var.
 false
type enum - Type defines sampler type. The value will be set in the OTEL_TRACES_SAMPLER env var. The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...
+ Type defines sampler type. +The value will be set in the OTEL_TRACES_SAMPLER env var. +The value can be for instance parentbased_always_on, parentbased_always_off, parentbased_traceidratio...

Enum: always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, parentbased_traceidratio, jaeger_remote, xray
command []string - Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
 false
env []object - ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be consumed in the config file for the Collector.
+ ENV vars to set on the Neuron Monitor Exporter Pods. These can then in certain cases be +consumed in the config file for the Collector.
 false
nodeSelector map[string]string - NodeSelector to schedule Neuron Monitor Exporter pods. This is only relevant to daemonset, statefulset, and deployment mode
+ NodeSelector to schedule Neuron Monitor Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
ports []object - Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator will attempt to infer the required ports by parsing the .Spec.Config property but this property can be used to open additional ports that can't be inferred by the operator, like for custom receivers.
+ Ports allows a set of ports to be exposed by the underlying v1.Service. By default, the operator +will attempt to infer the required ports by parsing the .Spec.Config property but this property can be +used to open additional ports that can't be inferred by the operator, like for custom receivers.
 false
securityContext object - SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container.
+ SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
 false
serviceAccount string - ServiceAccount indicates the name of an existing service account to use with this instance. When set, the operator will not automatically create a ServiceAccount for the collector.
+ ServiceAccount indicates the name of an existing service account to use with this instance. When set, +the operator will not automatically create a ServiceAccount for the collector.
+ 		false
tolerations[]object + Toleration to schedule Neuron Monitor Exporter pods. +This is only relevant to daemonset, statefulset, and deployment mode
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
 false
@@ -22000,7 +28506,8 @@ A node selector term, associated with the corresponding weight. -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -22022,14 +28529,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22041,7 +28553,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22063,14 +28576,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22082,7 +28600,11 @@ A node selector requirement is a selector that contains values, a key, and an op -If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22109,7 +28631,9 @@ If the affinity requirements specified by this field are not met at scheduling t -A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
@@ -22143,7 +28667,8 @@ A null or empty node selector term matches no objects. The requirements of them -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
@@ -22165,14 +28690,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22184,7 +28714,8 @@ A node selector requirement is a selector that contains values, a key, and an op -A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
@@ -22206,14 +28737,19 @@ A node selector requirement is a selector that contains values, a key, and an op @@ -22240,14 +28776,28 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod @@ -22281,7 +28831,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -22310,42 +28861,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -22357,7 +28936,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
 true
values []string - An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22379,7 +28959,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22391,7 +28973,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22413,14 +28996,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22432,7 +29019,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22454,7 +29045,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22466,7 +29059,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22488,14 +29082,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22507,7 +29105,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22522,42 +29125,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -22569,7 +29200,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22591,7 +29223,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22603,7 +29237,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22625,14 +29260,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22644,7 +29283,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22666,7 +29309,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22678,7 +29323,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22700,14 +29346,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22734,14 +29384,28 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the @@ -22775,7 +29439,8 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n @@ -22804,42 +29469,70 @@ Required. A pod affinity term, associated with the corresponding weight. @@ -22851,7 +29544,8 @@ Required. A pod affinity term, associated with the corresponding weight. -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
preferredDuringSchedulingIgnoredDuringExecution []object - The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
 false
requiredDuringSchedulingIgnoredDuringExecution []object - If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
 false
weight integer - weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.

Format: int32
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -22873,7 +29567,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -22885,7 +29581,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22907,14 +29604,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -22926,7 +29627,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -22948,7 +29653,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -22960,7 +29667,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -22982,14 +29690,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23001,7 +29713,12 @@ A label selector requirement is a selector that contains values, a key, and an o -Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -23016,42 +29733,70 @@ Defines a set of pods (namely those matching the labelSelector relative to the g @@ -23063,7 +29808,8 @@ Defines a set of pods (namely those matching the labelSelector relative to the g -A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. +A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
topologyKey string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
 true
labelSelector object - A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
+ A label query over a set of resources, in this case pods. +If it's null, this PodAffinityTerm matches with no Pods.
 false
matchLabelKeys []string - MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +Also, MatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
mismatchLabelKeys []string - MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ MismatchLabelKeys is a set of pod label keys to select which pods will +be taken into consideration. The keys are used to lookup values from the +incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` +to select the group of existing pods which pods will be taken into consideration +for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming +pod labels will be ignored. The default value is empty. +The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. +Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. +This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
 false
namespaceSelector object - A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
 false
namespaces []string - namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
 false
@@ -23085,7 +29831,9 @@ A label query over a set of resources, in this case pods. If it's null, this Pod @@ -23097,7 +29845,8 @@ A label query over a set of resources, in this case pods. If it's null, this Pod -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -23119,14 +29868,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23138,7 +29891,11 @@ A label selector requirement is a selector that contains values, a key, and an o -A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -23160,7 +29917,9 @@ A label query over the set of namespaces that the term applies to. The term is a @@ -23172,7 +29931,8 @@ A label query over the set of namespaces that the term applies to. The term is a -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -23194,14 +29954,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -23235,7 +29999,15 @@ EnvVar represents an environment variable present in a Container. @@ -23276,14 +30048,16 @@ Source for the environment variable's value. Cannot be used if value is not empt @@ -23324,7 +30098,9 @@ Selects a key of a ConfigMap. @@ -23343,7 +30119,8 @@ Selects a key of a ConfigMap. -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
value string - Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
 false
fieldRef object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
 false
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -23377,7 +30154,8 @@ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadat -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
@@ -23440,7 +30218,9 @@ Selects a key of a secret in the pod's namespace @@ -23483,24 +30263,50 @@ ServicePort contains information on service's port. @@ -23509,7 +30315,8 @@ ServicePort contains information on service's port. @@ -23518,7 +30325,14 @@ ServicePort contains information on service's port. @@ -23545,23 +30359,33 @@ Resources to set on the Neuron Monitor Exporter pods. @@ -23588,7 +30412,9 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -23600,9 +30426,17 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. -SecurityContext configures the container security context for the amazon-cloudwatch-agent container. - In deployment, daemonset, or statefulset mode, this controls the security context settings for the primary application container. - In sidecar mode, this controls the security context for the injected sidecar container. +SecurityContext configures the container security context for +the amazon-cloudwatch-agent container. + + +In deployment, daemonset, or statefulset mode, this controls +the security context settings for the primary application +container. + + +In sidecar mode, this controls the security context for the +injected sidecar container.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
appProtocol string - The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+ The application protocol for this port. +This is used as a hint for implementations to offer richer behavior for protocols that they understand. +This field follows standard Kubernetes label syntax. +Valid values are either: + + +* Un-prefixed protocol names - reserved for IANA standard service names (as per +RFC-6335 and https://www.iana.org/assignments/service-names). + + +* Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + +* Other protocols should use implementation-defined prefixed names such as +mycompany.com/my-custom-protocol.
 false
name string - The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ The name of this port within the service. This must be a DNS_LABEL. +All ports within a ServiceSpec must have unique names. When considering +the endpoints for a Service, this must match the 'name' field in the +EndpointPort. +Optional if only one ServicePort is defined on this service.
 false
nodePort integer - The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ The port on each node on which this service is exposed when type is +NodePort or LoadBalancer. Usually assigned by the system. If a value is +specified, in-range, and not in use it will be used, otherwise the +operation will fail. If not specified, a port will be allocated if this +Service requires one. If this field is specified when creating a +Service which does not need it, creation will fail. This field will be +wiped when updating a Service to no longer need it (e.g. changing type +from NodePort to ClusterIP). +More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

Format: int32
protocol string - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". +Default is TCP.

Default: TCP
targetPort int or string - Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ Number or name of the port to access on the pods targeted by the service. +Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. +If this is a string, it will be looked up as a named port in the +target Pod's container ports. If this is not specified, the value +of the 'port' field is used (an identity map). +This field is ignored for services with clusterIP=None, and should be +omitted or set equal to the 'port' field. +More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
 false
claims []object - Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
 false
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
name string - Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
 true
@@ -23617,42 +30451,63 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23661,14 +30516,23 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23677,21 +30541,31 @@ SecurityContext configures the container security context for the amazon-cloudwa @@ -23703,7 +30577,9 @@ SecurityContext configures the container security context for the amazon-cloudwa -The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
allowPrivilegeEscalation boolean - AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
 false
capabilities object - The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+ The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
 false
privileged boolean - Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+ Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
 false
procMount string - procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
 false
readOnlyRootFilesystem boolean - Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
 false
runAsGroup integer - The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
runAsNonRoot boolean - Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
 false
runAsUser integer - The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.

Format: int64
seLinuxOptions object - The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+ The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
 false
seccompProfile object - The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+ The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
 false
windowsOptions object - The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+ The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
 false
@@ -23737,7 +30613,11 @@ The capabilities to add/drop when running containers. Defaults to the default se -The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
@@ -23785,7 +30665,10 @@ The SELinux context to be applied to the container. If unspecified, the containe -The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
@@ -23800,15 +30683,23 @@ The seccomp options to use by this container. If seccomp options are provided at @@ -23820,7 +30711,10 @@ The seccomp options to use by this container. If seccomp options are provided at -The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
type string - type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
 true
localhostProfile string - localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
 false
@@ -23835,7 +30729,9 @@ The Windows specific settings applied to all containers. If unspecified, the opt @@ -23849,14 +30745,87 @@ The Windows specific settings applied to all containers. If unspecified, the opt + + +
gmsaCredentialSpec string - GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
 false
hostProcess boolean - HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
 false
runAsUserName string - The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+ 		false
+ + +### NeuronMonitor.spec.tolerations[index] +[↩ Parent](#neuronmonitorspec) + + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -23883,7 +30852,8 @@ VolumeMount describes a mounting of a Volume within a container. @@ -23897,28 +30867,36 @@ VolumeMount describes a mounting of a Volume within a container. @@ -23945,14 +30923,18 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -23980,7 +30962,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24008,18 +30991,42 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24033,7 +31040,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24047,49 +31055,67 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24124,7 +31150,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24138,7 +31165,8 @@ Volume represents a named volume in a pod that may be accessed by any container @@ -24164,7 +31192,9 @@ Volume represents a named volume in a pod that may be accessed by any container -awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ 		false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ 		false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
+ 		false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+ 		false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
 false
mountPath string - Path within the container at which the volume should be mounted. Must not contain ':'.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
 true
mountPropagation string - mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
 false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+ Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
 false
subPath string - Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+ Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
 false
subPathExpr string - Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+ Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
 false
name string - name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 true
awsElasticBlockStore object - awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
cinder object - cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
emptyDir object - emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
ephemeral object - ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+ ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
 false
flexVolume object - flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
 false
gcePersistentDisk object - gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
gitRepo object - gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
 false
glusterfs object - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
 false
hostPath object - hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
 false
iscsi object - iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
 false
nfs object - nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
persistentVolumeClaim object - persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 false
rbd object - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
 false
secret object - secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
@@ -24179,21 +31209,29 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -24202,7 +31240,8 @@ awsElasticBlockStore represents an AWS Disk resource that is attached to a kubel @@ -24250,7 +31289,9 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -24264,7 +31305,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the @@ -24305,7 +31347,8 @@ azureFile represents an Azure File Service mount on the host and bind mount to t @@ -24332,7 +31375,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -24346,28 +31390,33 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -24379,7 +31428,8 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
volumeID string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

Format: int32
readOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
 false
fsType string - fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
monitors []string - monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 true
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretFile string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
secretRef object - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
user string - user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
 false
@@ -24394,7 +31444,9 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U @@ -24406,7 +31458,8 @@ secretRef is Optional: SecretRef is reference to the authentication secret for U -cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -24421,28 +31474,35 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -24454,7 +31514,8 @@ cinder represents a cinder volume attached and mounted on kubelets host machine. -secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
volumeID string - volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
 false
secretRef object - secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
 false
@@ -24469,7 +31530,9 @@ secretRef is optional: points to a secret object containing parameters used to c @@ -24496,7 +31559,13 @@ configMap represents a configMap that should populate this volume @@ -24505,14 +31574,22 @@ configMap represents a configMap that should populate this volume @@ -24553,14 +31630,22 @@ Maps a string key to a path within a volume. @@ -24589,35 +31674,44 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b @@ -24629,7 +31723,11 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b -nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
driver string - driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
 true
fsType string - fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
 false
nodePublishSecretRef object - nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
 false
readOnly boolean - readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
 false
volumeAttributes map[string]string - volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
 false
@@ -24644,7 +31742,9 @@ nodePublishSecretRef is a reference to the secret object containing sensitive in @@ -24671,7 +31771,14 @@ downwardAPI represents downward API about the pod that should populate this volu @@ -24721,7 +31828,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -24730,7 +31842,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -24776,7 +31889,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
defaultMode integer - Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -24817,7 +31931,8 @@ Selects a resource of the container: only resources limits and requests (limits. -emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
@@ -24832,14 +31947,22 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf @@ -24851,11 +31974,34 @@ emptyDir represents a temporary directory that shares a pod's lifetime. More inf -ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
medium string - medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
sizeLimit int or string - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 false
@@ -24870,10 +32016,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v @@ -24885,10 +32051,30 @@ ephemeral represents a volume that is handled by a cluster storage driver. The v -Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
volumeClaimTemplate object - Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
 false
@@ -24903,14 +32089,19 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi @@ -24922,7 +32113,10 @@ Will be used to create a stand-alone PVC to provision the volume. The pod in whi -The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
spec object - The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
 true
metadata object - May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
 false
@@ -24937,28 +32131,62 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -24972,21 +32200,34 @@ The specification for the PersistentVolumeClaim. The entire content is copied un @@ -25005,7 +32246,14 @@ The specification for the PersistentVolumeClaim. The entire content is copied un -dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
accessModes []string - accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object - dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object - resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
storageClassName string - storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. +If specified, the CSI driver will create or update the volume with the attributes defined +in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, +it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass +will be applied to the claim but it's not allowed to reset this field to empty string once it is set. +If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass +will be set by the persistentvolume controller if it exists. +If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be +set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource +exists. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass +(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
 false
volumeMode string - volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
 false
@@ -25034,7 +32282,9 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj @@ -25046,7 +32296,29 @@ dataSource field can be used to specify either: * An existing VolumeSnapshot obj -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
@@ -25075,14 +32347,18 @@ dataSourceRef specifies the object from which to populate the volume with data, @@ -25094,7 +32370,11 @@ dataSourceRef specifies the object from which to populate the volume with data, -resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
apiGroup string - APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
 false
namespace string - Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
@@ -25109,14 +32389,18 @@ resources represents the minimum resources the volume should have. If RecoverVol @@ -25150,7 +32434,9 @@ selector is a label query over volumes to consider for binding. @@ -25162,7 +32448,8 @@ selector is a label query over volumes to consider for binding. -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
limits map[string]int or string - Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string - Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -25184,14 +32471,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -25203,7 +32494,9 @@ A label selector requirement is a selector that contains values, a key, and an o -May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
@@ -25273,7 +32566,10 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25289,7 +32585,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25303,7 +32600,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -25315,7 +32613,8 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach -flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
readOnly boolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
wwids []string - wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
 false
@@ -25337,7 +32636,9 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -25351,14 +32652,19 @@ flexVolume represents a generic volume resource that is provisioned/attached usi @@ -25370,7 +32676,11 @@ flexVolume represents a generic volume resource that is provisioned/attached usi -secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
 false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
 false
@@ -25385,7 +32695,9 @@ secretRef is Optional: secretRef is reference to the secret object containing se @@ -25412,7 +32724,8 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d @@ -25431,7 +32744,9 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d -gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
datasetName string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
 false
@@ -25446,21 +32761,30 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -25469,7 +32793,9 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's @@ -25481,7 +32807,10 @@ gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's -gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
pdName string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 true
fsType string - fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
partition integer - partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
 false
@@ -25503,7 +32832,10 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep @@ -25522,7 +32854,8 @@ gitRepo represents a git repository at a particular revision. DEPRECATED: GitRep -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
directory string - directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
 false
@@ -25537,21 +32870,25 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -25563,7 +32900,14 @@ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
endpoints string - endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
path string - path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 true
readOnly boolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
 false
@@ -25578,14 +32922,18 @@ hostPath represents a pre-existing file or directory on the host machine that is @@ -25597,7 +32945,9 @@ hostPath represents a pre-existing file or directory on the host machine that is -iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
path string - path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 true
type string - type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 false
@@ -25628,7 +32978,8 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -25649,35 +33000,44 @@ iscsi represents an ISCSI Disk resource that is attached to a kubelet's host mac @@ -25711,7 +33071,9 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -25723,7 +33085,8 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication -nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
targetPortal string - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
initiatorName string - initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
 false
iscsiInterface string - iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
 false
portals []string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -25738,21 +33101,25 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: @@ -25764,7 +33131,9 @@ nfs represents an NFS mount on the host that shares a pod's lifetime More info: -persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
path string - path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
server string - server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 true
readOnly boolean - readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
 false
@@ -25779,14 +33148,16 @@ persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeCl @@ -25820,7 +33191,9 @@ photonPersistentDisk represents a PhotonController persistent disk attached and @@ -25854,14 +33227,17 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos @@ -25888,7 +33264,12 @@ projected items for all in one resources secrets, configmaps, and downward API @@ -25924,10 +33305,22 @@ Projection that may be projected along with other supported volume types @@ -25967,10 +33360,22 @@ Projection that may be projected along with other supported volume types -ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time. +ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
claimName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 true
readOnly boolean - readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
 false
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
fsType string - fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
defaultMode integer - defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
clusterTrustBundle object - ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field +of ClusterTrustBundle objects in an auto-updating file. + + +Alpha, gated by the ClusterTrustBundleProjection feature gate. + + +ClusterTrustBundle objects can either be selected by name, or by the +combination of signer name and a label selector. + + +Kubelet performs aggressive normalization of the PEM contents written +into the pod filesystem. Esoteric PEM features such as inter-block +comments and block headers are stripped. Certificates are deduplicated. +The ordering of certificates within the file is arbitrary, and Kubelet +may change the order over time.
 false
@@ -25992,28 +33397,38 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust @@ -26025,7 +33440,10 @@ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of Clust -Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything". +Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
labelSelector object - Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
+ Select all ClusterTrustBundles that match this label selector. Only has +effect if signerName is set. Mutually-exclusive with name. If unset, +interpreted as "match nothing". If set but empty, interpreted as "match +everything".
 false
name string - Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive +with signerName and labelSelector.
 false
optional boolean - If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s) +aren't available. If using name, then the named ClusterTrustBundle is +allowed not to exist. If using signerName, then the combination of +signerName and labelSelector is allowed to match zero +ClusterTrustBundles.
 false
signerName string - Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
+ Select all ClusterTrustBundles that match this signer name. +Mutually-exclusive with name. The contents of all selected +ClusterTrustBundles will be unified and deduplicated.
 false
@@ -26047,7 +33465,9 @@ Select all ClusterTrustBundles that match this label selector. Only has effect @@ -26059,7 +33479,8 @@ Select all ClusterTrustBundles that match this label selector. Only has effect -A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values.
matchLabels map[string]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
 false
@@ -26081,14 +33502,18 @@ A label selector requirement is a selector that contains values, a key, and an o @@ -26115,14 +33540,22 @@ configMap information about the configMap data to project @@ -26163,14 +33596,22 @@ Maps a string key to a path within a volume. @@ -26240,7 +33681,12 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -26249,7 +33695,8 @@ DownwardAPIVolumeFile represents information to create the file containing the p @@ -26295,7 +33742,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
operator string - operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string - values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
 false
items []object - items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
mode integer - Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
resourceFieldRef object - Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
 false
@@ -26351,14 +33799,22 @@ secret information about the secret data to project @@ -26399,14 +33855,22 @@ Maps a string key to a path within a volume. @@ -26435,21 +33899,30 @@ serviceAccountToken is information about the serviceAccountToken data to project @@ -26478,7 +33951,9 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -26492,28 +33967,32 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -26525,7 +34004,8 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
items []object - items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
path string - path is the path relative to the mount point of the file to project the token into.
+ path is the path relative to the mount point of the file to project the +token into.
 true
audience string - audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
 false
expirationSeconds integer - expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.

Format: int64
registry string - registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
 true
group string - group to map volume access to Default is no group
+ group to map volume access to +Default is no group
 false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
 false
tenant string - tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
 false
user string - user to map volume access to Defaults to serivceaccount user
+ user to map volume access to +Defaults to serivceaccount user
 false
@@ -26540,56 +34020,73 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti @@ -26601,7 +34098,10 @@ rbd represents a Rados Block Device mount on the host that shares a pod's lifeti -secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
image string - image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
monitors []string - monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 true
fsType string - fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
 false
keyring string - keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
pool string - pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
readOnly boolean - readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
secretRef object - secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
user string - user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
 false
@@ -26616,7 +34116,9 @@ secretRef is name of the authentication secret for RBDUser. If provided override @@ -26650,7 +34152,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26664,7 +34167,10 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26678,7 +34184,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26692,7 +34199,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26706,7 +34214,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete @@ -26718,7 +34227,8 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete -secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
secretRef object - secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
 true
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
 false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
storageMode string - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
 false
volumeName string - volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
 false
@@ -26733,7 +34243,9 @@ secretRef references to the secret for ScaleIO user and other sensitive informat @@ -26745,7 +34257,8 @@ secretRef references to the secret for ScaleIO user and other sensitive informat -secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
@@ -26760,7 +34273,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26769,7 +34288,13 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26783,7 +34308,8 @@ secret represents a secret that should populate this volume. More info: https:// @@ -26817,14 +34343,22 @@ Maps a string key to a path within a volume. @@ -26853,35 +34387,45 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes @@ -26893,7 +34437,8 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes -secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
defaultMode integer - defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
items []object - items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
 false
secretName string - secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
 false
path string - path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
 true
mode integer - mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
fsType string - fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
 false
secretRef object - secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
 false
volumeName string - volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
 false
volumeNamespace string - volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
 false
@@ -26908,7 +34453,9 @@ secretRef specifies the secret to use for obtaining the StorageOS API credential @@ -26942,7 +34489,9 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host @@ -26990,14 +34539,16 @@ NeuronMonitorStatus defines the observed state of NeuronMonitor. @@ -27040,7 +34591,8 @@ Scale is the NeuronMonitor's scale subresource status. @@ -27049,14 +34601,17 @@ Scale is the NeuronMonitor's scale subresource status. From 1235400d195c76fb66333c28479d13d8c43ccada Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:51:33 -0400 Subject: [PATCH 16/99] Added default config. --- .../adapters/config_to_prom_config.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index cb69435ac..1263c8624 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -95,7 +95,21 @@ func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { // UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of // both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { - prometheus, err := ConfigToPromConfig(cfg) + prometheus, err := ConfigToPromConfig(`receivers: + examplereceiver: + endpoint: "0.0.0.0:12345" + examplereceiver/settings: + endpoint: "0.0.0.0:12346" + prometheus: + config: + scrape_config: + job_name: otel-collector + scrape_interval: 10s + jaeger/custom: + protocols: + thrift_http: + endpoint: 0.0.0.0:15268 + `) // This is a temporary configuration, which is to be adjusted. if err != nil { return nil, err } From db8c52fbbab8b93d0ffb640adb6af3b28be7f082 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 20 Aug 2024 19:56:56 -0400 Subject: [PATCH 17/99] Revert "Added default config." This reverts commit 1235400d195c76fb66333c28479d13d8c43ccada. --- .../adapters/config_to_prom_config.go | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index 1263c8624..cb69435ac 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -95,21 +95,7 @@ func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { // UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of // both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { - prometheus, err := ConfigToPromConfig(`receivers: - examplereceiver: - endpoint: "0.0.0.0:12345" - examplereceiver/settings: - endpoint: "0.0.0.0:12346" - prometheus: - config: - scrape_config: - job_name: otel-collector - scrape_interval: 10s - jaeger/custom: - protocols: - thrift_http: - endpoint: 0.0.0.0:15268 - `) // This is a temporary configuration, which is to be adjusted. + prometheus, err := ConfigToPromConfig(cfg) if err != nil { return nil, err } From 6da51f6ad3ca04dd694a40295d984f8045cbd331 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 01:45:16 -0400 Subject: [PATCH 18/99] Removed errors for testing. --- .../adapters/config_to_prom_config.go | 28 +++++++++---------- .../adapters/config_to_prom_config_test.go | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index cb69435ac..9f82081ea 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -71,22 +71,22 @@ func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { receiversProperty, ok := config["receivers"] if !ok { - return nil, errorNoComponent("receivers") + return nil, nil } receivers, ok := receiversProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("receivers") + return nil, nil } prometheusProperty, ok := receivers["prometheus"] if !ok { - return nil, errorNoComponent("prometheus") + return nil, nil } prometheus, ok := prometheusProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("prometheus") + return nil, nil } return prometheus, nil @@ -105,10 +105,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e return nil, err } - for i, config := range scrapeConfigs { + for _, config := range scrapeConfigs { scrapeConfig, ok := config.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMapAtIndex("scrape_config", i) + return nil, nil } relabelConfigsProperty, ok := scrapeConfig["relabel_configs"] @@ -118,13 +118,13 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e relabelConfigs, ok := relabelConfigsProperty.([]interface{}) if !ok { - return nil, errorNotAListAtIndex("relabel_configs", i) + return nil, nil } - for i, rc := range relabelConfigs { + for _, rc := range relabelConfigs { relabelConfig, rcErr := rc.(map[interface{}]interface{}) if !rcErr { - return nil, errorNotAMapAtIndex("relabel_config", i) + return nil, nil } replacementProperty, rcErr := relabelConfig["replacement"] @@ -134,7 +134,7 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e replacement, rcErr := replacementProperty.(string) if !rcErr { - return nil, errorNotAStringAtIndex("replacement", i) + return nil, nil } relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") @@ -147,13 +147,13 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e metricRelabelConfigs, ok := metricRelabelConfigsProperty.([]interface{}) if !ok { - return nil, errorNotAListAtIndex("metric_relabel_configs", i) + return nil, nil } - for i, rc := range metricRelabelConfigs { + for _, rc := range metricRelabelConfigs { relabelConfig, ok := rc.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMapAtIndex("metric_relabel_config", i) + return nil, nil } replacementProperty, ok := relabelConfig["replacement"] @@ -163,7 +163,7 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e replacement, ok := replacementProperty.(string) if !ok { - return nil, errorNotAStringAtIndex("replacement", i) + return nil, nil } relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 0fe2e8c26..94cf0b55e 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -100,7 +100,7 @@ func TestExtractPromConfigFromNullConfig(t *testing.T) { // test promConfig, err := ta.ConfigToPromConfig(configStr) - assert.Equal(t, err, fmt.Errorf("no prometheus available as part of the configuration")) + assert.Equal(t, err, nil) // verify assert.True(t, reflect.ValueOf(promConfig).IsNil()) From 36d1c6ce0996d81fe620f49726b9ebeb49366e6b Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 02:02:49 -0400 Subject: [PATCH 19/99] Revert "Removed errors for testing." This reverts commit 6da51f6ad3ca04dd694a40295d984f8045cbd331. --- .../adapters/config_to_prom_config.go | 28 +++++++++---------- .../adapters/config_to_prom_config_test.go | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index 9f82081ea..cb69435ac 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -71,22 +71,22 @@ func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { receiversProperty, ok := config["receivers"] if !ok { - return nil, nil + return nil, errorNoComponent("receivers") } receivers, ok := receiversProperty.(map[interface{}]interface{}) if !ok { - return nil, nil + return nil, errorNotAMap("receivers") } prometheusProperty, ok := receivers["prometheus"] if !ok { - return nil, nil + return nil, errorNoComponent("prometheus") } prometheus, ok := prometheusProperty.(map[interface{}]interface{}) if !ok { - return nil, nil + return nil, errorNotAMap("prometheus") } return prometheus, nil @@ -105,10 +105,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e return nil, err } - for _, config := range scrapeConfigs { + for i, config := range scrapeConfigs { scrapeConfig, ok := config.(map[interface{}]interface{}) if !ok { - return nil, nil + return nil, errorNotAMapAtIndex("scrape_config", i) } relabelConfigsProperty, ok := scrapeConfig["relabel_configs"] @@ -118,13 +118,13 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e relabelConfigs, ok := relabelConfigsProperty.([]interface{}) if !ok { - return nil, nil + return nil, errorNotAListAtIndex("relabel_configs", i) } - for _, rc := range relabelConfigs { + for i, rc := range relabelConfigs { relabelConfig, rcErr := rc.(map[interface{}]interface{}) if !rcErr { - return nil, nil + return nil, errorNotAMapAtIndex("relabel_config", i) } replacementProperty, rcErr := relabelConfig["replacement"] @@ -134,7 +134,7 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e replacement, rcErr := replacementProperty.(string) if !rcErr { - return nil, nil + return nil, errorNotAStringAtIndex("replacement", i) } relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") @@ -147,13 +147,13 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e metricRelabelConfigs, ok := metricRelabelConfigsProperty.([]interface{}) if !ok { - return nil, nil + return nil, errorNotAListAtIndex("metric_relabel_configs", i) } - for _, rc := range metricRelabelConfigs { + for i, rc := range metricRelabelConfigs { relabelConfig, ok := rc.(map[interface{}]interface{}) if !ok { - return nil, nil + return nil, errorNotAMapAtIndex("metric_relabel_config", i) } replacementProperty, ok := relabelConfig["replacement"] @@ -163,7 +163,7 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e replacement, ok := replacementProperty.(string) if !ok { - return nil, nil + return nil, errorNotAStringAtIndex("replacement", i) } relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 94cf0b55e..0fe2e8c26 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -100,7 +100,7 @@ func TestExtractPromConfigFromNullConfig(t *testing.T) { // test promConfig, err := ta.ConfigToPromConfig(configStr) - assert.Equal(t, err, nil) + assert.Equal(t, err, fmt.Errorf("no prometheus available as part of the configuration")) // verify assert.True(t, reflect.ValueOf(promConfig).IsNil()) From 3cdebd98d8b5dccd82c8bfd0256a1637763d1d4a Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 02:26:16 -0400 Subject: [PATCH 20/99] Use prometheusConfig. --- apis/v1alpha1/amazoncloudwatchagent_types.go | 3 +++ apis/v1alpha1/zz_generated.deepcopy.go | 4 ++-- apis/v1alpha2/zz_generated.deepcopy.go | 5 ++--- .../cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml | 4 ++++ internal/manifests/targetallocator/configmap.go | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go index 4e9fa16bc..023f44aef 100644 --- a/apis/v1alpha1/amazoncloudwatchagent_types.go +++ b/apis/v1alpha1/amazoncloudwatchagent_types.go @@ -167,6 +167,9 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` + // PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration. + // +optional + PrometheusConfig string `json:"prometheusConfig,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index c43116dd8..e5f418b27 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - v2 "k8s.io/api/autoscaling/v2" + "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/networking/v1" + "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 2833a1325..e840621e9 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,10 +7,9 @@ package v1alpha2 import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index 1fd4f5252..cdd68011a 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -4800,6 +4800,10 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + prometheusConfig: + description: PrometheusConfig is the raw JSON to be used as the collector's + prometheus configuration. + type: string replicas: description: Replicas is the number of pod instances for the underlying OpenTelemetry Collector. Set this if your are not using autoscaling diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 48fc657a3..53a2dd7b3 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -34,7 +34,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { // Collector supports environment variable substitution, but the TA does not. // TA ConfigMap should have a single "$", as it does not support env var substitution - prometheusReceiverConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.Config) + prometheusReceiverConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.PrometheusConfig) if err != nil { return &corev1.ConfigMap{}, err } From cfe2dbe7e496be1429c85c09a75f91caf4fa5a62 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 02:48:22 -0400 Subject: [PATCH 21/99] Fix version. --- versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.txt b/versions.txt index 890ad434c..4601ab94c 100644 --- a/versions.txt +++ b/versions.txt @@ -5,7 +5,7 @@ cloudwatch-agent=1.300041.0b681 operator=1.4.1 # Represents the current release of the Target Allocator. -targetallocator=1.0.0 +targetallocator=0.90.0 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 From c220dd513dd34538a4e85f4c31ff1c7b853ae6fc Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 11:43:46 -0400 Subject: [PATCH 22/99] Included validation in webhooks. --- apis/v1alpha1/collector_webhook.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 669efad96..0a1922727 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,6 +6,8 @@ package v1alpha1 import ( "context" "fmt" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" "github.com/go-logr/logr" autoscalingv2 "k8s.io/api/autoscaling/v2" @@ -166,6 +168,27 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'AdditionalContainers'", r.Spec.Mode) } + // validate target allocation + if r.Spec.TargetAllocator.Enabled && r.Spec.Mode != ModeStatefulSet { + return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the target allocation deployment", r.Spec.Mode) + } + + // validate Prometheus config for target allocation + if r.Spec.TargetAllocator.Enabled { + promCfg, err := ta.ConfigToPromConfig(r.Spec.Config) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + err = ta.ValidatePromConfig(promCfg, r.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + err = ta.ValidateTargetAllocatorConfig(r.Spec.TargetAllocator.PrometheusCR.Enabled, promCfg) + if err != nil { + return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) + } + } + // validator port config for _, p := range r.Spec.Ports { nameErrs := validation.IsValidPortName(p.Name) From 561b2ffae309137b11d265652885b826173a3889 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 11:45:08 -0400 Subject: [PATCH 23/99] Use prometheus config. --- apis/v1alpha1/collector_webhook.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 0a1922727..2c55e270c 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -175,7 +175,7 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { - promCfg, err := ta.ConfigToPromConfig(r.Spec.Config) + promCfg, err := ta.ConfigToPromConfig(r.Spec.PrometheusConfig) if err != nil { return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) } From 60a28565771240e43473062ff1d5acfc13f7c255 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 12:37:52 -0400 Subject: [PATCH 24/99] Updated webook test and added types to v1alpha2. --- apis/v1alpha1/collector_webhook_test.go | 31 +++++++++++++++++++- apis/v1alpha2/amazoncloudwatchagent_types.go | 6 ++++ apis/v1alpha2/zz_generated.deepcopy.go | 1 + docs/api.md | 7 +++++ 4 files changed, 44 insertions(+), 1 deletion(-) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index 55dc99932..fd039bcc8 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -273,6 +273,7 @@ func TestOTELColDefaultingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), + config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() @@ -313,7 +314,10 @@ func TestOTELColValidatingWebhook(t *testing.T) { Replicas: &three, MaxReplicas: &five, UpgradeStrategy: "adhoc", - Config: `receivers: + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + PrometheusConfig: `receivers: examplereceiver: endpoint: "0.0.0.0:12345" examplereceiver/settings: @@ -373,6 +377,30 @@ func TestOTELColValidatingWebhook(t *testing.T) { }, expectedErr: "does not support the attribute 'tolerations'", }, + { + name: "invalid mode with target allocator", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeDeployment, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "does not support the target allocation deployment", + }, + { + name: "invalid target allocator config", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeStatefulSet, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "the OpenTelemetry Spec Prometheus configuration is incorrect", + }, { name: "invalid port name", otelcol: AmazonCloudWatchAgent{ @@ -755,6 +783,7 @@ func TestOTELColValidatingWebhook(t *testing.T) { scheme: testScheme, cfg: config.New( config.WithCollectorImage("collector:v0.0.0"), + config.WithTargetAllocatorImage("ta:v0.0.0"), ), } ctx := context.Background() diff --git a/apis/v1alpha2/amazoncloudwatchagent_types.go b/apis/v1alpha2/amazoncloudwatchagent_types.go index f10c0cf7f..3ced5b5cb 100644 --- a/apis/v1alpha2/amazoncloudwatchagent_types.go +++ b/apis/v1alpha2/amazoncloudwatchagent_types.go @@ -68,6 +68,9 @@ type AmazonCloudWatchAgentSpec struct { // Collector and Target Allocator pods. // +optional PodAnnotations map[string]string `json:"podAnnotations,omitempty"` + // TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. + // +optional + TargetAllocator v1alpha1.AmazonCloudWatchAgentTargetAllocator `json:"targetAllocator,omitempty"` // Mode represents how the collector should be deployed (deployment, daemonset, statefulset or sidecar) // +optional Mode v1alpha1.Mode `json:"mode,omitempty"` @@ -89,6 +92,9 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` + // PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration. + // +optional + PrometheusConfig string `json:"prometheusConfig,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index e840621e9..3b6a76eae 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -121,6 +121,7 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec (*out)[key] = val } } + in.TargetAllocator.DeepCopyInto(&out.TargetAllocator) if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]v1.VolumeMount, len(*in)) diff --git a/docs/api.md b/docs/api.md index 2756500c8..50dc90e2b 100644 --- a/docs/api.md +++ b/docs/api.md @@ -320,6 +320,13 @@ If not specified, the pod priority will be default or zero if there is no default.
 + + + + + From f8720f4767e7e7140455229dd179c6f391bd539e Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 13:58:45 -0400 Subject: [PATCH 25/99] Fixed test. --- apis/v1alpha1/collector_webhook.go | 1 + internal/manifests/targetallocator/deployment_test.go | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 2c55e270c..1eef6c47b 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -6,6 +6,7 @@ package v1alpha1 import ( "context" "fmt" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index 96901d0ac..a0e7a5822 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -174,8 +174,8 @@ func collectorInstance() v1alpha1.AmazonCloudWatchAgent { Namespace: "default", }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ - Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", - Config: string(configYAML), + Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", + PrometheusConfig: string(configYAML), }, } } From 75a016845aadc15031afa9cd1859f6ce0e81ad01 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 14:31:49 -0400 Subject: [PATCH 26/99] Removed extra comma. --- internal/version/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/version/main.go b/internal/version/main.go index 7f13bc338..593f7feb6 100644 --- a/internal/version/main.go +++ b/internal/version/main.go @@ -65,7 +65,7 @@ func Get() Version { func (v Version) String() string { return fmt.Sprintf( - "Version(Operator='%v', BuildDate='%v', AmazonCloudWatchAgent='%v', Go='%v', AutoInstrumentationJava='%v', AutoInstrumentationNodeJS='%v', AutoInstrumentationPython='%v', AutoInstrumentationDotNet='%v', AutoInstrumentationGo='%v', AutoInstrumentationApacheHttpd='%v', AutoInstrumentationNginx='%v', DcgmExporter='%v', , NeuronMonitor='%v', TargetAllocator='%v')", + "Version(Operator='%v', BuildDate='%v', AmazonCloudWatchAgent='%v', Go='%v', AutoInstrumentationJava='%v', AutoInstrumentationNodeJS='%v', AutoInstrumentationPython='%v', AutoInstrumentationDotNet='%v', AutoInstrumentationGo='%v', AutoInstrumentationApacheHttpd='%v', AutoInstrumentationNginx='%v', DcgmExporter='%v', NeuronMonitor='%v', TargetAllocator='%v')", v.Operator, v.BuildDate, v.AmazonCloudWatchAgent, From a1860bdbe29da999b887635c7c42abcfde8e700f Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 14:37:16 -0400 Subject: [PATCH 27/99] Auto-generated files. --- apis/v1alpha1/zz_generated.deepcopy.go | 4 ++-- apis/v1alpha2/zz_generated.deepcopy.go | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index e5f418b27..c43116dd8 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - "k8s.io/api/autoscaling/v2" + v2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - "k8s.io/api/networking/v1" + v1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 3b6a76eae..6000b1b37 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,9 +7,10 @@ package v1alpha2 import ( - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. From fe690fda0b1c8fc47e9e1341684908ed2f9fdca3 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 21 Aug 2024 16:01:33 -0400 Subject: [PATCH 28/99] Removed pod mode validation. --- apis/v1alpha1/collector_webhook.go | 5 ----- apis/v1alpha1/collector_webhook_test.go | 24 ------------------------ apis/v1alpha1/zz_generated.deepcopy.go | 4 ++-- apis/v1alpha2/zz_generated.deepcopy.go | 5 ++--- 4 files changed, 4 insertions(+), 34 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 1eef6c47b..0225a07e6 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -169,11 +169,6 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'AdditionalContainers'", r.Spec.Mode) } - // validate target allocation - if r.Spec.TargetAllocator.Enabled && r.Spec.Mode != ModeStatefulSet { - return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the target allocation deployment", r.Spec.Mode) - } - // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { promCfg, err := ta.ConfigToPromConfig(r.Spec.PrometheusConfig) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index fd039bcc8..b9475a510 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -377,30 +377,6 @@ func TestOTELColValidatingWebhook(t *testing.T) { }, expectedErr: "does not support the attribute 'tolerations'", }, - { - name: "invalid mode with target allocator", - otelcol: AmazonCloudWatchAgent{ - Spec: AmazonCloudWatchAgentSpec{ - Mode: ModeDeployment, - TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - }, - }, - }, - expectedErr: "does not support the target allocation deployment", - }, - { - name: "invalid target allocator config", - otelcol: AmazonCloudWatchAgent{ - Spec: AmazonCloudWatchAgentSpec{ - Mode: ModeStatefulSet, - TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - }, - }, - }, - expectedErr: "the OpenTelemetry Spec Prometheus configuration is incorrect", - }, { name: "invalid port name", otelcol: AmazonCloudWatchAgent{ diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index c43116dd8..e5f418b27 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - v2 "k8s.io/api/autoscaling/v2" + "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/networking/v1" + "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 6000b1b37..3b6a76eae 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,10 +7,9 @@ package v1alpha2 import ( - v1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. From 96080d25bf17b17a28198207176528c934ed19c5 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 22 Aug 2024 15:24:32 -0400 Subject: [PATCH 29/99] Made prometheusConfig format specific to its use-case. --- apis/v1alpha1/collector_webhook.go | 4 +- apis/v1alpha1/collector_webhook_test.go | 18 +- .../adapters/config_to_prom_config.go | 54 ++---- .../adapters/config_to_prom_config_test.go | 164 +++++++----------- .../manifests/targetallocator/configmap.go | 6 +- .../targetallocator/configmap_test.go | 6 +- .../targetallocator/testdata/test.yaml | 28 +-- 7 files changed, 93 insertions(+), 187 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 0225a07e6..6417b3a6f 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -7,6 +7,8 @@ import ( "context" "fmt" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" @@ -171,7 +173,7 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { - promCfg, err := ta.ConfigToPromConfig(r.Spec.PrometheusConfig) + promCfg, err := adapters.ConfigFromString(r.Spec.PrometheusConfig) if err != nil { return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) } diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index b9475a510..f6c94ff76 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -317,20 +317,10 @@ func TestOTELColValidatingWebhook(t *testing.T) { TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ Enabled: true, }, - PrometheusConfig: `receivers: - examplereceiver: - endpoint: "0.0.0.0:12345" - examplereceiver/settings: - endpoint: "0.0.0.0:12346" - prometheus: - config: - scrape_configs: - - job_name: otel-collector - scrape_interval: 10s - jaeger/custom: - protocols: - thrift_http: - endpoint: 0.0.0.0:15268 + PrometheusConfig: `global: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s `, Ports: []v1.ServicePort{ { diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index cb69435ac..b2554a7e4 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -39,14 +39,14 @@ func errorNotAStringAtIndex(component string, index int) error { // getScrapeConfigsFromPromConfig extracts the scrapeConfig array from prometheus receiver config. func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface{}) ([]interface{}, error) { - prometheusConfigProperty, ok := promReceiverConfig["config"] + prometheusConfigProperty, ok := promReceiverConfig["global"] if !ok { - return nil, errorNoComponent("prometheusConfig") + return nil, errorNoComponent("global") } prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("prometheusConfig") + return nil, errorNotAMap("global") } scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] @@ -62,40 +62,10 @@ func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface return scrapeConfigs, nil } -// ConfigToPromConfig converts the incoming configuration object into the Prometheus receiver config. -func ConfigToPromConfig(cfg string) (map[interface{}]interface{}, error) { - config, err := adapters.ConfigFromString(cfg) - if err != nil { - return nil, err - } - - receiversProperty, ok := config["receivers"] - if !ok { - return nil, errorNoComponent("receivers") - } - - receivers, ok := receiversProperty.(map[interface{}]interface{}) - if !ok { - return nil, errorNotAMap("receivers") - } - - prometheusProperty, ok := receivers["prometheus"] - if !ok { - return nil, errorNoComponent("prometheus") - } - - prometheus, ok := prometheusProperty.(map[interface{}]interface{}) - if !ok { - return nil, errorNotAMap("prometheus") - } - - return prometheus, nil -} - // UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of // both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { - prometheus, err := ConfigToPromConfig(cfg) + prometheus, err := adapters.ConfigFromString(cfg) if err != nil { return nil, err } @@ -178,14 +148,14 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e // from the `scrape_configs` section and adds a single `http_sd_configs` configuration. // The `http_sd_configs` points to the TA (Target Allocator) endpoint that provides the list of targets for the given job. func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { - prometheusConfigProperty, ok := prometheus["config"] + prometheusConfigProperty, ok := prometheus["global"] if !ok { - return nil, errorNoComponent("prometheusConfig") + return nil, errorNoComponent("global") } prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("prometheusConfig") + return nil, errorNotAMap("global") } scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] @@ -242,14 +212,14 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi // If the `EnableTargetAllocatorRewrite` feature flag for the target allocator is enabled, this function // removes the existing scrape_configs from the collector's Prometheus configuration as it's not required. func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { - prometheusConfigProperty, ok := prometheus["config"] + prometheusConfigProperty, ok := prometheus["global"] if !ok { - return nil, errorNoComponent("prometheusConfig") + return nil, errorNoComponent("global") } prometheusCfg, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("prometheusConfig") + return nil, errorNotAMap("global") } // Create the TargetAllocConfig dynamically if it doesn't exist @@ -274,7 +244,7 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa // ValidatePromConfig checks if the prometheus receiver config is valid given other collector-level settings. func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabled bool, targetAllocatorRewriteEnabled bool) error { - _, promConfigExists := config["config"] + _, promConfigExists := config["global"] if targetAllocatorEnabled { if targetAllocatorRewriteEnabled { // if rewrite is enabled, we will add a target_allocator section during rewrite @@ -291,7 +261,7 @@ func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabl } // if target allocator isn't enabled, we need a config section if !promConfigExists { - return errorNoComponent("prometheusConfig") + return errorNoComponent("global") } return nil diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 0fe2e8c26..132b4db0d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -10,29 +10,22 @@ import ( "reflect" "testing" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/stretchr/testify/assert" ) func TestExtractPromConfigFromConfig(t *testing.T) { - configStr := `receivers: - examplereceiver: - endpoint: "0.0.0.0:12345" - examplereceiver/settings: - endpoint: "0.0.0.0:12346" - prometheus: - config: - scrape_config: - job_name: otel-collector - scrape_interval: 10s - jaeger/custom: - protocols: - thrift_http: - endpoint: 0.0.0.0:15268 + configStr := ` +global: + scrape_config: + job_name: otel-collector + scrape_interval: 10s ` expectedData := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_config": map[interface{}]interface{}{ "job_name": "otel-collector", "scrape_interval": "10s", @@ -41,7 +34,7 @@ func TestExtractPromConfigFromConfig(t *testing.T) { } // test - promConfig, err := ta.ConfigToPromConfig(configStr) + promConfig, err := adapters.ConfigFromString(configStr) assert.NoError(t, err) // verify @@ -49,25 +42,16 @@ func TestExtractPromConfigFromConfig(t *testing.T) { } func TestExtractPromConfigWithTAConfigFromConfig(t *testing.T) { - configStr := `receivers: - examplereceiver: - endpoint: "0.0.0.0:12345" - examplereceiver/settings: - endpoint: "0.0.0.0:12346" - prometheus: - config: - scrape_config: - job_name: otel-collector - scrape_interval: 10s - target_allocator: - endpoint: "test:80" - jaeger/custom: - protocols: - thrift_http: - endpoint: 0.0.0.0:15268 + configStr := ` +global: + scrape_config: + job_name: otel-collector + scrape_interval: 10s +target_allocator: + endpoint: "test:80" ` expectedData := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_config": map[interface{}]interface{}{ "job_name": "otel-collector", "scrape_interval": "10s", @@ -79,69 +63,45 @@ func TestExtractPromConfigWithTAConfigFromConfig(t *testing.T) { } // test - promConfig, err := ta.ConfigToPromConfig(configStr) + promConfig, err := adapters.ConfigFromString(configStr) assert.NoError(t, err) // verify assert.Equal(t, expectedData, promConfig) } -func TestExtractPromConfigFromNullConfig(t *testing.T) { - configStr := `receivers: - examplereceiver: - endpoint: "0.0.0.0:12345" - examplereceiver/settings: - endpoint: "0.0.0.0:12346" - jaeger/custom: - protocols: - thrift_http: - endpoint: 0.0.0.0:15268 -` - - // test - promConfig, err := ta.ConfigToPromConfig(configStr) - assert.Equal(t, err, fmt.Errorf("no prometheus available as part of the configuration")) - - // verify - assert.True(t, reflect.ValueOf(promConfig).IsNil()) -} - func TestUnescapeDollarSignsInPromConfig(t *testing.T) { actual := ` -receivers: - prometheus: - config: - scrape_configs: - - job_name: 'example' - relabel_configs: - - source_labels: ['__meta_service_id'] - target_label: 'job' - replacement: 'my_service_$$1' - - source_labels: ['__meta_service_name'] - target_label: 'instance' - replacement: '$1' - metric_relabel_configs: - - source_labels: ['job'] - target_label: 'job' - replacement: '$$1_$2' +global: + scrape_configs: + - job_name: 'example' + relabel_configs: + - source_labels: ['__meta_service_id'] + target_label: 'job' + replacement: 'my_service_$1' + - source_labels: ['__meta_service_name'] + target_label: 'instance' + replacement: '$1' + metric_relabel_configs: + - source_labels: ['job'] + target_label: 'job' + replacement: '$1_$2' ` expected := ` -receivers: - prometheus: - config: - scrape_configs: - - job_name: 'example' - relabel_configs: - - source_labels: ['__meta_service_id'] - target_label: 'job' - replacement: 'my_service_$1' - - source_labels: ['__meta_service_name'] - target_label: 'instance' - replacement: '$1' - metric_relabel_configs: - - source_labels: ['job'] - target_label: 'job' - replacement: '$1_$2' +global: + scrape_configs: + - job_name: 'example' + relabel_configs: + - source_labels: ['__meta_service_id'] + target_label: 'job' + replacement: 'my_service_$1' + - source_labels: ['__meta_service_name'] + target_label: 'instance' + replacement: '$1' + metric_relabel_configs: + - source_labels: ['job'] + target_label: 'job' + replacement: '$1_$2' ` config, err := ta.UnescapeDollarSignsInPromConfig(actual) @@ -162,7 +122,7 @@ receivers: func TestAddHTTPSDConfigToPromConfig(t *testing.T) { t.Run("ValidConfiguration, add http_sd_config", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -179,7 +139,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { } taServiceName := "test-service" expectedCfg := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -200,7 +160,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { t.Run("invalid config property, returns error", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "job_name": "test_job", "static_configs": []interface{}{ map[interface{}]interface{}{ @@ -223,7 +183,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { func TestAddTAConfigToPromConfig(t *testing.T) { t.Run("should return expected prom config map with TA config", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -242,7 +202,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { taServiceName := "test-targetallocator" expectedResult := map[interface{}]interface{}{ - "config": map[interface{}]interface{}{}, + "global": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ "endpoint": "http://test-targetallocator:80", "interval": "30s", @@ -256,7 +216,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { assert.Equal(t, expectedResult, result) }) - t.Run("missing or invalid prometheusConfig property, returns error", func(t *testing.T) { + t.Run("missing or invalid global property, returns error", func(t *testing.T) { testCases := []struct { name string cfg map[interface{}]interface{} @@ -265,14 +225,14 @@ func TestAddTAConfigToPromConfig(t *testing.T) { { name: "missing config property", cfg: map[interface{}]interface{}{}, - errText: "no prometheusConfig available as part of the configuration", + errText: "no global available as part of the configuration", }, { name: "invalid config property", cfg: map[interface{}]interface{}{ - "config": "invalid", + "global": "invalid", }, - errText: "prometheusConfig property in the configuration doesn't contain valid prometheusConfig", + errText: "global property in the configuration doesn't contain valid global", }, } @@ -316,7 +276,7 @@ func TestValidatePromConfig(t *testing.T) { { description: "target_allocator enabled, config section present", config: map[interface{}]interface{}{ - "config": map[interface{}]interface{}{}, + "global": map[interface{}]interface{}{}, }, targetAllocatorEnabled: true, targetAllocatorRewriteEnabled: false, @@ -332,7 +292,7 @@ func TestValidatePromConfig(t *testing.T) { { description: "target_allocator disabled, config section present", config: map[interface{}]interface{}{ - "config": map[interface{}]interface{}{}, + "global": map[interface{}]interface{}{}, }, targetAllocatorEnabled: false, targetAllocatorRewriteEnabled: false, @@ -343,7 +303,7 @@ func TestValidatePromConfig(t *testing.T) { config: map[interface{}]interface{}{}, targetAllocatorEnabled: false, targetAllocatorRewriteEnabled: false, - expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), + expectedError: fmt.Errorf("no %s available as part of the configuration", "global"), }, } @@ -366,7 +326,7 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { { description: "scrape configs present and PrometheusCR enabled", config: map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -387,7 +347,7 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { { description: "scrape configs present and PrometheusCR disabled", config: map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -415,12 +375,12 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { description: "receiver config empty and PrometheusCR disabled", config: map[interface{}]interface{}{}, targetAllocatorPrometheusCR: false, - expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), + expectedError: fmt.Errorf("no %s available as part of the configuration", "global"), }, { description: "scrape configs empty and PrometheusCR disabled", config: map[interface{}]interface{}{ - "config": map[interface{}]interface{}{ + "global": map[interface{}]interface{}{ "scrape_configs": []interface{}{}, }, }, diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 53a2dd7b3..3b1f550d8 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -42,9 +42,9 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { taConfig := make(map[interface{}]interface{}) prometheusCRConfig := make(map[interface{}]interface{}) taConfig["label_selector"] = manifestutils.SelectorLabels(params.OtelCol.ObjectMeta, collector.ComponentAmazonCloudWatchAgent) - // We only take the "config" from the returned object, if it's present - if prometheusConfig, ok := prometheusReceiverConfig["config"]; ok { - taConfig["config"] = prometheusConfig + // We only take the "global" from the returned object, if it's present + if prometheusConfig, ok := prometheusReceiverConfig["global"]; ok { + taConfig["global"] = prometheusConfig } if len(params.OtelCol.Spec.TargetAllocator.AllocationStrategy) > 0 { diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 83d962436..6a49616b3 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -29,7 +29,7 @@ func TestDesiredConfigMap(t *testing.T) { expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -config: +global: scrape_configs: - job_name: otel-collector scrape_interval: 10s @@ -65,7 +65,7 @@ label_selector: expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -config: +global: scrape_configs: - job_name: otel-collector scrape_interval: 10s @@ -111,7 +111,7 @@ service_monitor_selector: expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -config: +global: scrape_configs: - job_name: otel-collector scrape_interval: 10s diff --git a/internal/manifests/targetallocator/testdata/test.yaml b/internal/manifests/targetallocator/testdata/test.yaml index f03253f78..1c7539ad1 100644 --- a/internal/manifests/targetallocator/testdata/test.yaml +++ b/internal/manifests/targetallocator/testdata/test.yaml @@ -1,22 +1,6 @@ -processors: -receivers: - jaeger: - protocols: - grpc: - prometheus: - config: - scrape_configs: - - job_name: otel-collector - scrape_interval: 10s - static_configs: - - targets: [ '0.0.0.0:8888', '0.0.0.0:9999' ] - -exporters: - debug: - -service: - pipelines: - metrics: - receivers: [prometheus, jaeger] - processors: [] - exporters: [debug] +global: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s + static_configs: + - targets: [ '0.0.0.0:8888', '0.0.0.0:9999' ] \ No newline at end of file From 9939f55d808c66f255f78d2f8076878283ca5061 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 22 Aug 2024 17:23:39 -0400 Subject: [PATCH 30/99] Use config instead of global for prometheusConfig yaml. --- apis/v1alpha1/collector_webhook_test.go | 2 +- apis/v1alpha1/zz_generated.deepcopy.go | 4 +- apis/v1alpha2/zz_generated.deepcopy.go | 5 ++- .../adapters/config_to_prom_config.go | 22 +++++----- .../adapters/config_to_prom_config_test.go | 44 +++++++++---------- .../manifests/targetallocator/configmap.go | 6 +-- .../targetallocator/configmap_test.go | 6 +-- .../targetallocator/testdata/test.yaml | 2 +- 8 files changed, 46 insertions(+), 45 deletions(-) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index f6c94ff76..b2d333442 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -317,7 +317,7 @@ func TestOTELColValidatingWebhook(t *testing.T) { TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ Enabled: true, }, - PrometheusConfig: `global: + PrometheusConfig: `config: scrape_configs: - job_name: otel-collector scrape_interval: 10s diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index e5f418b27..c43116dd8 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,9 +7,9 @@ package v1alpha1 import ( - "k8s.io/api/autoscaling/v2" + v2 "k8s.io/api/autoscaling/v2" corev1 "k8s.io/api/core/v1" - "k8s.io/api/networking/v1" + v1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 3b6a76eae..6000b1b37 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -7,9 +7,10 @@ package v1alpha2 import ( - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index b2554a7e4..c0590382d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -39,14 +39,14 @@ func errorNotAStringAtIndex(component string, index int) error { // getScrapeConfigsFromPromConfig extracts the scrapeConfig array from prometheus receiver config. func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface{}) ([]interface{}, error) { - prometheusConfigProperty, ok := promReceiverConfig["global"] + prometheusConfigProperty, ok := promReceiverConfig["config"] if !ok { - return nil, errorNoComponent("global") + return nil, errorNoComponent("prometheusConfig") } prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("global") + return nil, errorNotAMap("prometheusConfig") } scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] @@ -148,14 +148,14 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e // from the `scrape_configs` section and adds a single `http_sd_configs` configuration. // The `http_sd_configs` points to the TA (Target Allocator) endpoint that provides the list of targets for the given job. func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { - prometheusConfigProperty, ok := prometheus["global"] + prometheusConfigProperty, ok := prometheus["config"] if !ok { - return nil, errorNoComponent("global") + return nil, errorNoComponent("prometheusConfig") } prometheusConfig, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("global") + return nil, errorNotAMap("prometheusConfig") } scrapeConfigsProperty, ok := prometheusConfig["scrape_configs"] @@ -212,14 +212,14 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi // If the `EnableTargetAllocatorRewrite` feature flag for the target allocator is enabled, this function // removes the existing scrape_configs from the collector's Prometheus configuration as it's not required. func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceName string) (map[interface{}]interface{}, error) { - prometheusConfigProperty, ok := prometheus["global"] + prometheusConfigProperty, ok := prometheus["config"] if !ok { - return nil, errorNoComponent("global") + return nil, errorNoComponent("prometheusConfig") } prometheusCfg, ok := prometheusConfigProperty.(map[interface{}]interface{}) if !ok { - return nil, errorNotAMap("global") + return nil, errorNotAMap("prometheusConfig") } // Create the TargetAllocConfig dynamically if it doesn't exist @@ -244,7 +244,7 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa // ValidatePromConfig checks if the prometheus receiver config is valid given other collector-level settings. func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabled bool, targetAllocatorRewriteEnabled bool) error { - _, promConfigExists := config["global"] + _, promConfigExists := config["config"] if targetAllocatorEnabled { if targetAllocatorRewriteEnabled { // if rewrite is enabled, we will add a target_allocator section during rewrite @@ -261,7 +261,7 @@ func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabl } // if target allocator isn't enabled, we need a config section if !promConfigExists { - return errorNoComponent("global") + return errorNoComponent("prometheusConfig") } return nil diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 132b4db0d..2566e1a2d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -19,13 +19,13 @@ import ( func TestExtractPromConfigFromConfig(t *testing.T) { configStr := ` -global: +config: scrape_config: job_name: otel-collector scrape_interval: 10s ` expectedData := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_config": map[interface{}]interface{}{ "job_name": "otel-collector", "scrape_interval": "10s", @@ -43,7 +43,7 @@ global: func TestExtractPromConfigWithTAConfigFromConfig(t *testing.T) { configStr := ` -global: +config: scrape_config: job_name: otel-collector scrape_interval: 10s @@ -51,7 +51,7 @@ target_allocator: endpoint: "test:80" ` expectedData := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_config": map[interface{}]interface{}{ "job_name": "otel-collector", "scrape_interval": "10s", @@ -72,7 +72,7 @@ target_allocator: func TestUnescapeDollarSignsInPromConfig(t *testing.T) { actual := ` -global: +config: scrape_configs: - job_name: 'example' relabel_configs: @@ -88,7 +88,7 @@ global: replacement: '$1_$2' ` expected := ` -global: +config: scrape_configs: - job_name: 'example' relabel_configs: @@ -122,7 +122,7 @@ global: func TestAddHTTPSDConfigToPromConfig(t *testing.T) { t.Run("ValidConfiguration, add http_sd_config", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -139,7 +139,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { } taServiceName := "test-service" expectedCfg := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -160,7 +160,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { t.Run("invalid config property, returns error", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "job_name": "test_job", "static_configs": []interface{}{ map[interface{}]interface{}{ @@ -183,7 +183,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { func TestAddTAConfigToPromConfig(t *testing.T) { t.Run("should return expected prom config map with TA config", func(t *testing.T) { cfg := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -202,7 +202,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { taServiceName := "test-targetallocator" expectedResult := map[interface{}]interface{}{ - "global": map[interface{}]interface{}{}, + "config": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ "endpoint": "http://test-targetallocator:80", "interval": "30s", @@ -216,7 +216,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { assert.Equal(t, expectedResult, result) }) - t.Run("missing or invalid global property, returns error", func(t *testing.T) { + t.Run("missing or invalid prometheusConfig property, returns error", func(t *testing.T) { testCases := []struct { name string cfg map[interface{}]interface{} @@ -225,14 +225,14 @@ func TestAddTAConfigToPromConfig(t *testing.T) { { name: "missing config property", cfg: map[interface{}]interface{}{}, - errText: "no global available as part of the configuration", + errText: "no prometheusConfig available as part of the configuration", }, { name: "invalid config property", cfg: map[interface{}]interface{}{ - "global": "invalid", + "config": "invalid", }, - errText: "global property in the configuration doesn't contain valid global", + errText: "prometheusConfig property in the configuration doesn't contain valid prometheusConfig", }, } @@ -276,7 +276,7 @@ func TestValidatePromConfig(t *testing.T) { { description: "target_allocator enabled, config section present", config: map[interface{}]interface{}{ - "global": map[interface{}]interface{}{}, + "config": map[interface{}]interface{}{}, }, targetAllocatorEnabled: true, targetAllocatorRewriteEnabled: false, @@ -292,7 +292,7 @@ func TestValidatePromConfig(t *testing.T) { { description: "target_allocator disabled, config section present", config: map[interface{}]interface{}{ - "global": map[interface{}]interface{}{}, + "config": map[interface{}]interface{}{}, }, targetAllocatorEnabled: false, targetAllocatorRewriteEnabled: false, @@ -303,7 +303,7 @@ func TestValidatePromConfig(t *testing.T) { config: map[interface{}]interface{}{}, targetAllocatorEnabled: false, targetAllocatorRewriteEnabled: false, - expectedError: fmt.Errorf("no %s available as part of the configuration", "global"), + expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), }, } @@ -326,7 +326,7 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { { description: "scrape configs present and PrometheusCR enabled", config: map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -347,7 +347,7 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { { description: "scrape configs present and PrometheusCR disabled", config: map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{ map[interface{}]interface{}{ "job_name": "test_job", @@ -375,12 +375,12 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { description: "receiver config empty and PrometheusCR disabled", config: map[interface{}]interface{}{}, targetAllocatorPrometheusCR: false, - expectedError: fmt.Errorf("no %s available as part of the configuration", "global"), + expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), }, { description: "scrape configs empty and PrometheusCR disabled", config: map[interface{}]interface{}{ - "global": map[interface{}]interface{}{ + "config": map[interface{}]interface{}{ "scrape_configs": []interface{}{}, }, }, diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 3b1f550d8..53a2dd7b3 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -42,9 +42,9 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { taConfig := make(map[interface{}]interface{}) prometheusCRConfig := make(map[interface{}]interface{}) taConfig["label_selector"] = manifestutils.SelectorLabels(params.OtelCol.ObjectMeta, collector.ComponentAmazonCloudWatchAgent) - // We only take the "global" from the returned object, if it's present - if prometheusConfig, ok := prometheusReceiverConfig["global"]; ok { - taConfig["global"] = prometheusConfig + // We only take the "config" from the returned object, if it's present + if prometheusConfig, ok := prometheusReceiverConfig["config"]; ok { + taConfig["config"] = prometheusConfig } if len(params.OtelCol.Spec.TargetAllocator.AllocationStrategy) > 0 { diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 6a49616b3..83d962436 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -29,7 +29,7 @@ func TestDesiredConfigMap(t *testing.T) { expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -global: +config: scrape_configs: - job_name: otel-collector scrape_interval: 10s @@ -65,7 +65,7 @@ label_selector: expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -global: +config: scrape_configs: - job_name: otel-collector scrape_interval: 10s @@ -111,7 +111,7 @@ service_monitor_selector: expectedData := map[string]string{ "targetallocator.yaml": `allocation_strategy: least-weighted -global: +config: scrape_configs: - job_name: otel-collector scrape_interval: 10s diff --git a/internal/manifests/targetallocator/testdata/test.yaml b/internal/manifests/targetallocator/testdata/test.yaml index 1c7539ad1..3332c6705 100644 --- a/internal/manifests/targetallocator/testdata/test.yaml +++ b/internal/manifests/targetallocator/testdata/test.yaml @@ -1,4 +1,4 @@ -global: +config: scrape_configs: - job_name: otel-collector scrape_interval: 10s From fad09e9153d3fed2de65cb0daf507b761bf2355b Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 12:02:03 -0400 Subject: [PATCH 31/99] Addressed some comments: yaml, target-allocator, and use consistent-hashing. --- Makefile | 2 +- apis/v1alpha1/allocation_strategy.go | 5 +--- apis/v1alpha1/amazoncloudwatchagent_types.go | 6 ++--- apis/v1alpha2/amazoncloudwatchagent_types.go | 2 +- ...aws.amazon.com_amazoncloudwatchagents.yaml | 7 +++--- docs/api.md | 10 ++++---- internal/config/main.go | 2 +- .../adapters/config_to_prom_config_test.go | 6 ++--- .../manifests/targetallocator/annotations.go | 2 +- .../manifests/targetallocator/configmap.go | 8 ++----- .../targetallocator/configmap_test.go | 24 +++++++++---------- .../targetallocator/deployment_test.go | 14 +++++------ internal/manifests/targetallocator/labels.go | 2 +- .../manifests/targetallocator/labels_test.go | 2 +- internal/naming/main.go | 8 +++---- main.go | 2 +- pkg/featuregate/featuregate.go | 2 +- versions.txt | 2 +- 18 files changed, 49 insertions(+), 57 deletions(-) diff --git a/Makefile b/Makefile index 00fd159c6..3dfc78402 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" -TARGETALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep targetallocator | awk -F= '{print $$2}')" +TARGETALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" # Image URL to use all building/pushing image targets IMG_PREFIX ?= aws diff --git a/apis/v1alpha1/allocation_strategy.go b/apis/v1alpha1/allocation_strategy.go index 1ff113c11..f3e3be140 100644 --- a/apis/v1alpha1/allocation_strategy.go +++ b/apis/v1alpha1/allocation_strategy.go @@ -5,14 +5,11 @@ package v1alpha1 type ( // AmazonCloudWatchAgentTargetAllocatorAllocationStrategy represent which strategy to distribute target to each collector - // +kubebuilder:validation:Enum=least-weighted;consistent-hashing + // +kubebuilder:validation:Enum=consistent-hashing AmazonCloudWatchAgentTargetAllocatorAllocationStrategy string ) const ( - // AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted targets will be distributed to collector with fewer targets currently assigned. - AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted AmazonCloudWatchAgentTargetAllocatorAllocationStrategy = "least-weighted" - // AmazonCloudWatchAgentTargetAllocatorAllocationStrategyConsistentHashing targets will be consistently added to collectors, which allows a high-availability setup. AmazonCloudWatchAgentTargetAllocatorAllocationStrategyConsistentHashing AmazonCloudWatchAgentTargetAllocatorAllocationStrategy = "consistent-hashing" ) diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go index 023f44aef..9d71fca09 100644 --- a/apis/v1alpha1/amazoncloudwatchagent_types.go +++ b/apis/v1alpha1/amazoncloudwatchagent_types.go @@ -167,7 +167,7 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - // PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration. + // PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration. // +optional PrometheusConfig string `json:"prometheusConfig,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. @@ -293,7 +293,7 @@ type AmazonCloudWatchAgentTargetAllocator struct { // +optional Resources v1.ResourceRequirements `json:"resources,omitempty"` // AllocationStrategy determines which strategy the target allocator should use for allocation. - // The current options are least-weighted and consistent-hashing. The default option is least-weighted + // The current option is consistent-hashing. // +optional AllocationStrategy AmazonCloudWatchAgentTargetAllocatorAllocationStrategy `json:"allocationStrategy,omitempty"` // FilterStrategy determines how to filter targets before allocating them among the collectors. @@ -319,7 +319,7 @@ type AmazonCloudWatchAgentTargetAllocator struct { // +optional PrometheusCR AmazonCloudWatchAgentTargetAllocatorPrometheusCR `json:"prometheusCR,omitempty"` // SecurityContext configures the container security context for - // the targetallocator. + // the target-allocator. // +optional SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` // TopologySpreadConstraints embedded kubernetes pod configuration option, diff --git a/apis/v1alpha2/amazoncloudwatchagent_types.go b/apis/v1alpha2/amazoncloudwatchagent_types.go index 3ced5b5cb..0fb5fbec8 100644 --- a/apis/v1alpha2/amazoncloudwatchagent_types.go +++ b/apis/v1alpha2/amazoncloudwatchagent_types.go @@ -92,7 +92,7 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - // PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration. + // PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration. // +optional PrometheusConfig string `json:"prometheusConfig,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index cdd68011a..f6dfa4a30 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -4801,7 +4801,7 @@ spec: default. type: string prometheusConfig: - description: PrometheusConfig is the raw JSON to be used as the collector's + description: PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration. type: string replicas: @@ -5945,9 +5945,8 @@ spec: allocationStrategy: description: |- AllocationStrategy determines which strategy the target allocator should use for allocation. - The current options are least-weighted and consistent-hashing. The default option is least-weighted + The current option is consistent-hashing. enum: - - least-weighted - consistent-hashing type: string enabled: @@ -6187,7 +6186,7 @@ spec: securityContext: description: |- SecurityContext configures the container security context for - the targetallocator. + the target-allocator. properties: fsGroup: description: |- diff --git a/docs/api.md b/docs/api.md index 50dc90e2b..b9ae74acf 100644 --- a/docs/api.md +++ b/docs/api.md @@ -324,7 +324,7 @@ default.
 @@ -10421,9 +10421,9 @@ TargetAllocator indicates a value which determines whether to spawn a target all @@ -10495,7 +10495,7 @@ that can be run in a high availability mode is consistent-hashing.
@@ -12566,7 +12566,7 @@ inside a container.
SecurityContext configures the container security context for -the targetallocator. +the target-allocator.
name string - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
 false
fsType string - fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
 false
messages []string - Messages about actions performed by the operator on this resource. Deprecated: use Kubernetes events instead.
+ Messages about actions performed by the operator on this resource. +Deprecated: use Kubernetes events instead.
 false
replicas integer - Replicas is currently not being set and might be removed in the next version. Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.
+ Replicas is currently not being set and might be removed in the next version. +Deprecated: use "NeuronMonitor.Status.Scale.Replicas" instead.

Format: int32
replicas integer - The total number non-terminated pods targeted by this AmazonCloudWatchAgent's deployment or statefulSet.
+ The total number non-terminated pods targeted by this +AmazonCloudWatchAgent's deployment or statefulSet.

Format: int32
selector string - The selector used to match the AmazonCloudWatchAgent's deployment or statefulSet pods.
+ The selector used to match the AmazonCloudWatchAgent's +deployment or statefulSet pods.
 false
statusReplicas string - StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). Deployment, Daemonset, StatefulSet.
+ StatusReplicas is the number of pods targeted by this AmazonCloudWatchAgent's with a Ready Condition / +Total number of non-terminated pods targeted by this AmazonCloudWatchAgent's (their labels match the selector). +Deployment, Daemonset, StatefulSet.
 false
false
prometheusConfigstring + PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration.
+ 		false
replicas integerprometheusConfig string - PrometheusConfig is the raw JSON to be used as the collector's prometheus configuration.
+ PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration.
 false
enum AllocationStrategy determines which strategy the target allocator should use for allocation. -The current options are least-weighted and consistent-hashing. The default option is least-weighted
+The current option is consistent-hashing.

- Enum: least-weighted, consistent-hashing
+ Enum: consistent-hashing
 false
object SecurityContext configures the container security context for -the targetallocator.
+the target-allocator.
 false
diff --git a/internal/config/main.go b/internal/config/main.go index 6b7676749..05b395ddd 100644 --- a/internal/config/main.go +++ b/internal/config/main.go @@ -13,7 +13,7 @@ import ( const ( defaultCollectorConfigMapEntry = "cwagentconfig.json" - defaultTargetAllocatorConfigMapEntry = "targetallocator.yaml" + defaultTargetAllocatorConfigMapEntry = "target-allocator.yaml" ) // Config holds the static configuration for this operator. diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 2566e1a2d..631ddc52e 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -199,12 +199,12 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "test-targetallocator" + taServiceName := "test-target-allocator" expectedResult := map[interface{}]interface{}{ "config": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ - "endpoint": "http://test-targetallocator:80", + "endpoint": "http://test-target-allocator:80", "interval": "30s", "collector_id": "${POD_NAME}", }, @@ -236,7 +236,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "test-targetallocator" + taServiceName := "test-target-allocator" for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { diff --git a/internal/manifests/targetallocator/annotations.go b/internal/manifests/targetallocator/annotations.go index f86a30be7..07e483f66 100644 --- a/internal/manifests/targetallocator/annotations.go +++ b/internal/manifests/targetallocator/annotations.go @@ -12,7 +12,7 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" ) -const configMapHashAnnotationKey = "amazon-cloudwatch-agent-targetallocator-config/hash" +const configMapHashAnnotationKey = "amazon-cloudwatch-agent-target-allocator-config/hash" // Annotations returns the annotations for the TargetAllocator Pod. func Annotations(instance v1alpha1.AmazonCloudWatchAgent, configMap *v1.ConfigMap) map[string]string { diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 53a2dd7b3..9325a6723 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -19,7 +19,7 @@ import ( ) const ( - targetAllocatorFilename = "targetallocator.yaml" + targetAllocatorFilename = "target-allocator.yaml" ) func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { @@ -47,11 +47,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { taConfig["config"] = prometheusConfig } - if len(params.OtelCol.Spec.TargetAllocator.AllocationStrategy) > 0 { - taConfig["allocation_strategy"] = params.OtelCol.Spec.TargetAllocator.AllocationStrategy - } else { - taConfig["allocation_strategy"] = v1alpha1.AmazonCloudWatchAgentTargetAllocatorAllocationStrategyLeastWeighted - } + taConfig["allocation_strategy"] = v1alpha1.AmazonCloudWatchAgentTargetAllocatorAllocationStrategyConsistentHashing if len(params.OtelCol.Spec.TargetAllocator.FilterStrategy) > 0 { taConfig["filter_strategy"] = params.OtelCol.Spec.TargetAllocator.FilterStrategy diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 83d962436..1e890b870 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -24,11 +24,11 @@ func TestDesiredConfigMap(t *testing.T) { } t.Run("should return expected target allocator config map", func(t *testing.T) { - expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" - expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-target-allocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "targetallocator.yaml": `allocation_strategy: least-weighted + "target-allocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector @@ -54,17 +54,17 @@ label_selector: actual, err := ConfigMap(params) assert.NoError(t, err) - assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, "my-instance-target-allocator", actual.Name) assert.Equal(t, expectedLables, actual.Labels) assert.Equal(t, expectedData, actual.Data) }) t.Run("should return expected target allocator config map with label selectors", func(t *testing.T) { - expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" - expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-target-allocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "targetallocator.yaml": `allocation_strategy: least-weighted + "target-allocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector @@ -100,17 +100,17 @@ service_monitor_selector: actual, err := ConfigMap(params) assert.NoError(t, err) - assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, "my-instance-target-allocator", actual.Name) assert.Equal(t, expectedLables, actual.Labels) assert.Equal(t, expectedData, actual.Data) }) t.Run("should return expected target allocator config map with scrape interval set", func(t *testing.T) { - expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" - expectedLables["app.kubernetes.io/name"] = "my-instance-targetallocator" + expectedLables["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-target-allocator" + expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "targetallocator.yaml": `allocation_strategy: least-weighted + "target-allocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector @@ -140,7 +140,7 @@ prometheus_cr: actual, err := ConfigMap(params) assert.NoError(t, err) - assert.Equal(t, "my-instance-targetallocator", actual.Name) + assert.Equal(t, "my-instance-target-allocator", actual.Name) assert.Equal(t, expectedLables, actual.Labels) assert.Equal(t, expectedData, actual.Data) diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index a0e7a5822..26cf81bbf 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -129,8 +129,8 @@ func TestDeploymentNewDefault(t *testing.T) { assert.NoError(t, err) // verify - assert.Equal(t, "my-instance-targetallocator", d.GetName()) - assert.Equal(t, "my-instance-targetallocator", d.GetLabels()["app.kubernetes.io/name"]) + assert.Equal(t, "my-instance-target-allocator", d.GetName()) + assert.Equal(t, "my-instance-target-allocator", d.GetLabels()["app.kubernetes.io/name"]) assert.Len(t, d.Spec.Template.Spec.Containers, 1) @@ -159,7 +159,7 @@ func TestDeploymentPodAnnotations(t *testing.T) { ds, err := Deployment(params) assert.NoError(t, err) // verify - assert.Equal(t, "my-instance-targetallocator", ds.Name) + assert.Equal(t, "my-instance-target-allocator", ds.Name) assert.Subset(t, ds.Spec.Template.Annotations, testPodAnnotationValues) } @@ -285,7 +285,7 @@ func TestDeploymentTolerations(t *testing.T) { } d1, err := Deployment(params1) assert.NoError(t, err) - assert.Equal(t, "my-instance-targetallocator", d1.Name) + assert.Equal(t, "my-instance-target-allocator", d1.Name) assert.Empty(t, d1.Spec.Template.Spec.Tolerations) // Test Tolerations @@ -307,7 +307,7 @@ func TestDeploymentTolerations(t *testing.T) { } d2, err := Deployment(params2) assert.NoError(t, err) - assert.Equal(t, "my-instance-toleration-targetallocator", d2.Name) + assert.Equal(t, "my-instance-toleration-target-allocator", d2.Name) assert.NotNil(t, d2.Spec.Template.Spec.Tolerations) assert.NotEmpty(t, d2.Spec.Template.Spec.Tolerations) assert.Equal(t, testTolerationValues, d2.Spec.Template.Spec.Tolerations) @@ -330,7 +330,7 @@ func TestDeploymentTopologySpreadConstraints(t *testing.T) { } d1, err := Deployment(params1) assert.NoError(t, err) - assert.Equal(t, "my-instance-targetallocator", d1.Name) + assert.Equal(t, "my-instance-target-allocator", d1.Name) assert.Empty(t, d1.Spec.Template.Spec.TopologySpreadConstraints) // Test TopologySpreadConstraints @@ -354,7 +354,7 @@ func TestDeploymentTopologySpreadConstraints(t *testing.T) { d2, err := Deployment(params2) assert.NoError(t, err) - assert.Equal(t, "my-instance-topologyspreadconstraint-targetallocator", d2.Name) + assert.Equal(t, "my-instance-topologyspreadconstraint-target-allocator", d2.Name) assert.NotNil(t, d2.Spec.Template.Spec.TopologySpreadConstraints) assert.NotEmpty(t, d2.Spec.Template.Spec.TopologySpreadConstraints) assert.Equal(t, testTopologySpreadConstraintValue, d2.Spec.Template.Spec.TopologySpreadConstraints) diff --git a/internal/manifests/targetallocator/labels.go b/internal/manifests/targetallocator/labels.go index 2caf47e72..98541faae 100644 --- a/internal/manifests/targetallocator/labels.go +++ b/internal/manifests/targetallocator/labels.go @@ -21,7 +21,7 @@ func Labels(instance v1alpha1.AmazonCloudWatchAgent, name string) map[string]str base["app.kubernetes.io/managed-by"] = "amazon-cloudwatch-agent-operator" base["app.kubernetes.io/instance"] = naming.Truncate("%s.%s", 63, instance.Namespace, instance.Name) base["app.kubernetes.io/part-of"] = "amazon-cloudwatch-agent" - base["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-targetallocator" + base["app.kubernetes.io/component"] = "amazon-cloudwatch-agent-target-allocator" if _, ok := base["app.kubernetes.io/name"]; !ok { base["app.kubernetes.io/name"] = name diff --git a/internal/manifests/targetallocator/labels_test.go b/internal/manifests/targetallocator/labels_test.go index 7db287227..b41730ee4 100644 --- a/internal/manifests/targetallocator/labels_test.go +++ b/internal/manifests/targetallocator/labels_test.go @@ -31,7 +31,7 @@ func TestLabelsCommonSet(t *testing.T) { assert.Equal(t, "amazon-cloudwatch-agent-operator", labels["app.kubernetes.io/managed-by"]) assert.Equal(t, "my-ns.my-instance", labels["app.kubernetes.io/instance"]) assert.Equal(t, "amazon-cloudwatch-agent", labels["app.kubernetes.io/part-of"]) - assert.Equal(t, "amazon-cloudwatch-agent-targetallocator", labels["app.kubernetes.io/component"]) + assert.Equal(t, "amazon-cloudwatch-agent-target-allocator", labels["app.kubernetes.io/component"]) assert.Equal(t, name, labels["app.kubernetes.io/name"]) } diff --git a/internal/naming/main.go b/internal/naming/main.go index 6a89fdb90..3940b1fa7 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -11,7 +11,7 @@ func ConfigMap(otelcol string) string { // TAConfigMap returns the name for the config map used in the TargetAllocator. func TAConfigMap(otelcol string) string { - return DNSName(Truncate("%s-targetallocator", 63, otelcol)) + return DNSName(Truncate("%s-target-allocator", 63, otelcol)) } // ConfigMapVolume returns the name to use for the config map's volume in the pod. @@ -66,7 +66,7 @@ func AmazonCloudWatchAgentName(otelcolName string) string { // TargetAllocator returns the TargetAllocator deployment resource name. func TargetAllocator(otelcol string) string { - return DNSName(Truncate("%s-targetallocator", 63, otelcol)) + return DNSName(Truncate("%s-target-allocator", 63, otelcol)) } // HeadlessService builds the name for the headless service based on the instance. @@ -96,7 +96,7 @@ func Route(otelcol string, prefix string) string { // TAService returns the name to use for the TargetAllocator service. func TAService(otelcol string) string { - return DNSName(Truncate("%s-targetallocator", 63, otelcol)) + return DNSName(Truncate("%s-target-allocator", 63, otelcol)) } // ServiceAccount builds the service account name based on the instance. @@ -116,5 +116,5 @@ func PodMonitor(otelcol string) string { // TargetAllocatorServiceAccount returns the TargetAllocator service account resource name. func TargetAllocatorServiceAccount(otelcol string) string { - return DNSName(Truncate("%s-targetallocator", 63, otelcol)) + return DNSName(Truncate("%s-target-allocator", 63, otelcol)) } diff --git a/main.go b/main.go index dc4d9b315..b64043e32 100644 --- a/main.go +++ b/main.go @@ -174,7 +174,7 @@ func main() { "auto-instrumentation-dotnet", autoInstrumentationDotNet, "dcgm-exporter", dcgmExporterImage, "neuron-monitor", neuronMonitorImage, - "amazon-cloudwatch-agent-targetallocator", targetAllocatorImage, + "amazon-cloudwatch-agent-target-allocator", targetAllocatorImage, "build-date", v.BuildDate, "go-version", v.Go, "go-arch", runtime.GOARCH, diff --git a/pkg/featuregate/featuregate.go b/pkg/featuregate/featuregate.go index 8c438d598..68016f5e5 100644 --- a/pkg/featuregate/featuregate.go +++ b/pkg/featuregate/featuregate.go @@ -66,7 +66,7 @@ var ( // EnableTargetAllocatorRewrite is the feature gate that controls whether the collector's configuration should // automatically be rewritten when the target allocator is enabled. EnableTargetAllocatorRewrite = featuregate.GlobalRegistry().MustRegister( - "operator.collector.rewritetargetallocator", + "operator.collector.rewritetarget-allocator", featuregate.StageBeta, featuregate.WithRegisterDescription("controls whether the operator should configure the collector's targetAllocator configuration"), featuregate.WithRegisterFromVersion("v0.76.1"), diff --git a/versions.txt b/versions.txt index 4601ab94c..51fcfaa2f 100644 --- a/versions.txt +++ b/versions.txt @@ -5,7 +5,7 @@ cloudwatch-agent=1.300041.0b681 operator=1.4.1 # Represents the current release of the Target Allocator. -targetallocator=0.90.0 +target-allocator=0.90.0 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 From 1102dc1c0b31caffb1819e65e04314556feded63 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 13:16:23 -0400 Subject: [PATCH 32/99] Changed to TARGET_ALLOCATOR. --- Dockerfile | 4 ++-- Makefile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 366a44a63..d0764f1fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,10 +29,10 @@ ARG AUTO_INSTRUMENTATION_PYTHON_VERSION ARG AUTO_INSTRUMENTATION_DOTNET_VERSION ARG DCMG_EXPORTER_VERSION ARG NEURON_MONITOR_VERSION -ARG TARGETALLOCATOR_VERSION +ARG TARGET_ALLOCATOR_VERSION # Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGETALLOCATOR_VERSION} " -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION} " -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 3dfc78402..2b3076379 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" -TARGETALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" +TARGET_ALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" # Image URL to use all building/pushing image targets IMG_PREFIX ?= aws @@ -155,7 +155,7 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGETALLOCATOR_VERSION=${TARGETALLOCATOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGETALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push From ceaaa4903f231c089ed2fc2178228e1e5e971dc8 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 15:30:08 -0400 Subject: [PATCH 33/99] Removed unused escape 16326 logic. --- .../adapters/config_to_prom_config.go | 14 ++++---------- .../adapters/config_to_prom_config_test.go | 6 +++--- internal/manifests/targetallocator/configmap.go | 4 +--- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index c0590382d..fea17f76d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -8,7 +8,6 @@ import ( "fmt" "net/url" "regexp" - "strings" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) @@ -62,9 +61,8 @@ func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface return scrapeConfigs, nil } -// UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of -// both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. -func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { +// GetPromConfig returns a Prometheus configuration file. +func GetPromConfig(cfg string) (map[interface{}]interface{}, error) { prometheus, err := adapters.ConfigFromString(cfg) if err != nil { return nil, err @@ -102,12 +100,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e continue } - replacement, rcErr := replacementProperty.(string) + _, rcErr = replacementProperty.(string) if !rcErr { return nil, errorNotAStringAtIndex("replacement", i) } - - relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } metricRelabelConfigsProperty, ok := scrapeConfig["metric_relabel_configs"] @@ -131,12 +127,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e continue } - replacement, ok := replacementProperty.(string) + _, ok = replacementProperty.(string) if !ok { return nil, errorNotAStringAtIndex("replacement", i) } - - relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 631ddc52e..96f213453 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -70,7 +70,7 @@ target_allocator: assert.Equal(t, expectedData, promConfig) } -func TestUnescapeDollarSignsInPromConfig(t *testing.T) { +func TestGetPromConfig(t *testing.T) { actual := ` config: scrape_configs: @@ -104,12 +104,12 @@ config: replacement: '$1_$2' ` - config, err := ta.UnescapeDollarSignsInPromConfig(actual) + config, err := ta.GetPromConfig(actual) if err != nil { t.Errorf("unexpected error: %v", err) } - expectedConfig, err := ta.UnescapeDollarSignsInPromConfig(expected) + expectedConfig, err := ta.GetPromConfig(expected) if err != nil { t.Errorf("unexpected error: %v", err) } diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 9325a6723..c1e5d5e46 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -32,9 +32,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { labels["app.kubernetes.io/version"] = "latest" } - // Collector supports environment variable substitution, but the TA does not. - // TA ConfigMap should have a single "$", as it does not support env var substitution - prometheusReceiverConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.PrometheusConfig) + prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.PrometheusConfig) if err != nil { return &corev1.ConfigMap{}, err } From d77d772017a4a5a9f8ccdb6ed793a415e5cec746 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 16:17:07 -0400 Subject: [PATCH 34/99] Use Prometheus naming convention and fixed Makefile. --- Makefile | 2 +- apis/v1alpha1/amazoncloudwatchagent_types.go | 4 ++-- apis/v1alpha1/collector_webhook.go | 2 +- apis/v1alpha1/collector_webhook_test.go | 2 +- apis/v1alpha2/amazoncloudwatchagent_types.go | 4 ++-- .../cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml | 4 ++-- docs/api.md | 4 ++-- internal/manifests/targetallocator/configmap.go | 2 +- internal/manifests/targetallocator/deployment_test.go | 4 ++-- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 2b3076379..2523acd77 100644 --- a/Makefile +++ b/Makefile @@ -155,7 +155,7 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGETALLOCATOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go index 9d71fca09..ee4289ac2 100644 --- a/apis/v1alpha1/amazoncloudwatchagent_types.go +++ b/apis/v1alpha1/amazoncloudwatchagent_types.go @@ -167,9 +167,9 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - // PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration. + // Prometheus is the raw YAML to be used as the collector's prometheus configuration. // +optional - PrometheusConfig string `json:"prometheusConfig,omitempty"` + Prometheus string `json:"prometheus,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 6417b3a6f..f2e8affe9 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -173,7 +173,7 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { - promCfg, err := adapters.ConfigFromString(r.Spec.PrometheusConfig) + promCfg, err := adapters.ConfigFromString(r.Spec.Prometheus) if err != nil { return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) } diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index b2d333442..784bd62a0 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -317,7 +317,7 @@ func TestOTELColValidatingWebhook(t *testing.T) { TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ Enabled: true, }, - PrometheusConfig: `config: + Prometheus: `config: scrape_configs: - job_name: otel-collector scrape_interval: 10s diff --git a/apis/v1alpha2/amazoncloudwatchagent_types.go b/apis/v1alpha2/amazoncloudwatchagent_types.go index 0fb5fbec8..347f4e02a 100644 --- a/apis/v1alpha2/amazoncloudwatchagent_types.go +++ b/apis/v1alpha2/amazoncloudwatchagent_types.go @@ -92,9 +92,9 @@ type AmazonCloudWatchAgentSpec struct { // ImagePullPolicy indicates the pull policy to be used for retrieving the container image (Always, Never, IfNotPresent) // +optional ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - // PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration. + // Prometheus is the raw YAML to be used as the collector's prometheus configuration. // +optional - PrometheusConfig string `json:"prometheusConfig,omitempty"` + Prometheus string `json:"prometheus,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index f6dfa4a30..5d6f705be 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -4800,8 +4800,8 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string - prometheusConfig: - description: PrometheusConfig is the raw YAML to be used as the collector's + prometheus: + description: Prometheus is the raw YAML to be used as the collector's prometheus configuration. type: string replicas: diff --git a/docs/api.md b/docs/api.md index b9ae74acf..3c3473031 100644 --- a/docs/api.md +++ b/docs/api.md @@ -321,10 +321,10 @@ default.
 - + diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index c1e5d5e46..073d93072 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -32,7 +32,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { labels["app.kubernetes.io/version"] = "latest" } - prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.PrometheusConfig) + prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) if err != nil { return &corev1.ConfigMap{}, err } diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index 26cf81bbf..5b6151e7d 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -174,8 +174,8 @@ func collectorInstance() v1alpha1.AmazonCloudWatchAgent { Namespace: "default", }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ - Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", - PrometheusConfig: string(configYAML), + Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", + Prometheus: string(configYAML), }, } } From d53048908c836ce5b9bf5397ec7dc0585502440c Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 16:42:01 -0400 Subject: [PATCH 35/99] Reverted yaml name. --- internal/config/main.go | 2 +- internal/manifests/targetallocator/configmap.go | 2 +- internal/manifests/targetallocator/configmap_test.go | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/config/main.go b/internal/config/main.go index 05b395ddd..6b7676749 100644 --- a/internal/config/main.go +++ b/internal/config/main.go @@ -13,7 +13,7 @@ import ( const ( defaultCollectorConfigMapEntry = "cwagentconfig.json" - defaultTargetAllocatorConfigMapEntry = "target-allocator.yaml" + defaultTargetAllocatorConfigMapEntry = "targetallocator.yaml" ) // Config holds the static configuration for this operator. diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 073d93072..998b34693 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -19,7 +19,7 @@ import ( ) const ( - targetAllocatorFilename = "target-allocator.yaml" + targetAllocatorFilename = "targetallocator.yaml" ) func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 1e890b870..4620280b5 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -28,7 +28,7 @@ func TestDesiredConfigMap(t *testing.T) { expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "target-allocator.yaml": `allocation_strategy: consistent-hashing + "targetallocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector @@ -64,7 +64,7 @@ label_selector: expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "target-allocator.yaml": `allocation_strategy: consistent-hashing + "targetallocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector @@ -110,7 +110,7 @@ service_monitor_selector: expectedLables["app.kubernetes.io/name"] = "my-instance-target-allocator" expectedData := map[string]string{ - "target-allocator.yaml": `allocation_strategy: consistent-hashing + "targetallocator.yaml": `allocation_strategy: consistent-hashing config: scrape_configs: - job_name: otel-collector From 6002c81e694782ed47e11dff1c88607db23ae8a1 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 29 Aug 2024 23:13:57 -0400 Subject: [PATCH 36/99] Deploy Prometheus ConfigMap, Volume, and VolumeMount. --- internal/config/main.go | 7 ++++ internal/config/options.go | 1 + internal/manifests/collector/collector.go | 3 ++ internal/manifests/collector/configmap.go | 36 +++++++++++++++++++ .../manifests/collector/configmap_test.go | 4 +++ internal/manifests/collector/container.go | 20 +++++++++++ .../manifests/collector/container_test.go | 11 ++++++ internal/manifests/collector/volume.go | 17 +++++++++ internal/manifests/collector/volume_test.go | 6 ++++ internal/naming/main.go | 10 ++++++ 10 files changed, 115 insertions(+) diff --git a/internal/config/main.go b/internal/config/main.go index 6b7676749..b1ab43295 100644 --- a/internal/config/main.go +++ b/internal/config/main.go @@ -14,6 +14,7 @@ import ( const ( defaultCollectorConfigMapEntry = "cwagentconfig.json" defaultTargetAllocatorConfigMapEntry = "targetallocator.yaml" + defaultPrometheusConfigMapEntry = "prometheus.yaml" ) // Config holds the static configuration for this operator. @@ -32,6 +33,7 @@ type Config struct { neuronMonitorImage string targetAllocatorImage string targetAllocatorConfigMapEntry string + prometheusConfigMapEntry string labelsFilter []string } @@ -41,6 +43,7 @@ func New(opts ...Option) Config { o := options{ collectorConfigMapEntry: defaultCollectorConfigMapEntry, targetAllocatorConfigMapEntry: defaultTargetAllocatorConfigMapEntry, + prometheusConfigMapEntry: defaultPrometheusConfigMapEntry, logger: logf.Log.WithName("config"), version: version.Get(), } @@ -63,6 +66,7 @@ func New(opts ...Option) Config { neuronMonitorImage: o.neuronMonitorImage, targetAllocatorImage: o.targetAllocatorImage, targetAllocatorConfigMapEntry: o.targetAllocatorConfigMapEntry, + prometheusConfigMapEntry: o.prometheusConfigMapEntry, labelsFilter: o.labelsFilter, } } @@ -132,6 +136,9 @@ func (c *Config) TargetAllocatorConfigMapEntry() string { return c.targetAllocatorConfigMapEntry } +// PrometheusConfigMapEntry represents the configuration file name for Prometheus. +func (c *Config) PrometheusConfigMapEntry() string { return c.prometheusConfigMapEntry } + // LabelsFilter Returns the filters converted to regex strings used to filter out unwanted labels from propagations. func (c *Config) LabelsFilter() []string { return c.labelsFilter diff --git a/internal/config/options.go b/internal/config/options.go index a6418827e..d68576678 100644 --- a/internal/config/options.go +++ b/internal/config/options.go @@ -31,6 +31,7 @@ type options struct { neuronMonitorImage string targetAllocatorImage string targetAllocatorConfigMapEntry string + prometheusConfigMapEntry string labelsFilter []string } diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index 34df8b56a..bbe5e3e75 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go @@ -47,6 +47,9 @@ func Build(params manifests.Params) ([]client.Object, error) { manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor)) } } + if len(params.OtelCol.Spec.Prometheus) > 0 { + manifestFactories = append(manifestFactories, manifests.Factory(PrometheusConfigMap)) + } for _, factory := range manifestFactories { res, err := factory(params) if err != nil { diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index b3a5ebe0c..c7f232f91 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -4,11 +4,15 @@ package collector import ( + "fmt" + + "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) @@ -34,3 +38,35 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { }, }, nil } + +func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { + name := naming.PrometheusConfigMap(params.OtelCol.Name) + labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) + + prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) + if err != nil { + return &corev1.ConfigMap{}, err + } + + prometheusConfig, ok := prometheusReceiverConfig["config"] + if !ok { + return &corev1.ConfigMap{}, fmt.Errorf("no prometheusConfig available as part of the configuration") + } + + prometheusConfigYAML, err := yaml.Marshal(prometheusConfig) + if err != nil { + return &corev1.ConfigMap{}, err + } + + return &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: params.OtelCol.Namespace, + Labels: labels, + Annotations: params.OtelCol.Annotations, + }, + Data: map[string]string{ + "prometheus.yaml": string(prometheusConfigYAML), + }, + }, nil +} diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index a711e0a41..b2b1b9df8 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -36,3 +36,7 @@ func TestDesiredConfigMap(t *testing.T) { }) } + +func TestDesiredPrometheusConfigMap(t *testing.T) { + // TBD +} diff --git a/internal/manifests/collector/container.go b/internal/manifests/collector/container.go index dfed5be5e..ebee5cdad 100644 --- a/internal/manifests/collector/container.go +++ b/internal/manifests/collector/container.go @@ -45,6 +45,10 @@ func Container(cfg config.Config, logger logr.Logger, agent v1alpha1.AmazonCloud if addConfig { volumeMounts = append(volumeMounts, getVolumeMounts(agent.Spec.NodeSelector["kubernetes.io/os"])) + + if len(agent.Spec.Prometheus) > 0 { + volumeMounts = append(volumeMounts, getPrometheusVolumeMounts(agent.Spec.NodeSelector["kubernetes.io/os"])) + } } // ensure that the v1alpha1.AmazonCloudWatchAgentSpec.Args are ordered when moved to container.Args, @@ -123,6 +127,22 @@ func getVolumeMounts(os string) corev1.VolumeMount { return volumeMount } +func getPrometheusVolumeMounts(os string) corev1.VolumeMount { + var volumeMount corev1.VolumeMount + if os == "windows" { + volumeMount = corev1.VolumeMount{ + Name: naming.PrometheusConfigMapVolume(), + MountPath: "C:\\Program Files\\Amazon\\AmazonCloudWatchAgent\\prometheusconfig", + } + } else { + volumeMount = corev1.VolumeMount{ + Name: naming.PrometheusConfigMapVolume(), + MountPath: "/etc/prometheusconfig", + } + } + return volumeMount +} + func portMapToContainerPortList(portMap map[string]corev1.ContainerPort) []corev1.ContainerPort { ports := make([]corev1.ContainerPort, 0, len(portMap)) for _, p := range portMap { diff --git a/internal/manifests/collector/container_test.go b/internal/manifests/collector/container_test.go index 23776bbfc..6b8a544ce 100644 --- a/internal/manifests/collector/container_test.go +++ b/internal/manifests/collector/container_test.go @@ -19,3 +19,14 @@ func TestGetVolumeMounts(t *testing.T) { volumeMount = getVolumeMounts("") assert.Equal(t, volumeMount.MountPath, "/etc/cwagentconfig") } + +func TestGetPrometheusVolumeMounts(t *testing.T) { + volumeMount := getPrometheusVolumeMounts("windows") + assert.Equal(t, volumeMount.MountPath, "C:\\Program Files\\Amazon\\AmazonCloudWatchAgent\\prometheusconfig") + + volumeMount = getPrometheusVolumeMounts("linux") + assert.Equal(t, volumeMount.MountPath, "/etc/prometheusconfig") + + volumeMount = getPrometheusVolumeMounts("") + assert.Equal(t, volumeMount.MountPath, "/etc/prometheusconfig") +} diff --git a/internal/manifests/collector/volume.go b/internal/manifests/collector/volume.go index ead3c005a..fbc05574f 100644 --- a/internal/manifests/collector/volume.go +++ b/internal/manifests/collector/volume.go @@ -27,6 +27,23 @@ func Volumes(cfg config.Config, otelcol v1alpha1.AmazonCloudWatchAgent) []corev1 }, }} + if len(otelcol.Spec.Prometheus) > 0 { + volumes = append(volumes, corev1.Volume{ + Name: naming.PrometheusConfigMapVolume(), + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: naming.PrometheusConfigMap(otelcol.Name), + }, + Items: []corev1.KeyToPath{{ + Key: cfg.PrometheusConfigMapEntry(), + Path: cfg.PrometheusConfigMapEntry(), + }}, + }, + }, + }) + } + if len(otelcol.Spec.Volumes) > 0 { volumes = append(volumes, otelcol.Spec.Volumes...) } diff --git a/internal/manifests/collector/volume_test.go b/internal/manifests/collector/volume_test.go index a86459af5..f52e1d5b3 100644 --- a/internal/manifests/collector/volume_test.go +++ b/internal/manifests/collector/volume_test.go @@ -20,6 +20,8 @@ func TestVolumeNewDefault(t *testing.T) { otelcol := v1alpha1.AmazonCloudWatchAgent{} cfg := config.New() + // TBD: Prometheus + // test volumes := Volumes(cfg, otelcol) @@ -41,6 +43,8 @@ func TestVolumeAllowsMoreToBeAdded(t *testing.T) { } cfg := config.New() + // TBD: Prometheus + // test volumes := Volumes(cfg, otelcol) @@ -66,6 +70,8 @@ func TestVolumeWithMoreConfigMaps(t *testing.T) { } cfg := config.New() + // TBD: Prometheus + // test volumes := Volumes(cfg, otelcol) diff --git a/internal/naming/main.go b/internal/naming/main.go index 3940b1fa7..c198fb2d7 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -14,6 +14,11 @@ func TAConfigMap(otelcol string) string { return DNSName(Truncate("%s-target-allocator", 63, otelcol)) } +// PrometheusConfigMap returns the name for the prometheus config map. +func PrometheusConfigMap(otelcol string) string { + return DNSName(Truncate("%s-prometheus-config", 63, otelcol)) +} + // ConfigMapVolume returns the name to use for the config map's volume in the pod. func ConfigMapVolume() string { return "otc-internal" @@ -29,6 +34,11 @@ func TAConfigMapVolume() string { return "ta-internal" } +// PrometheusConfigMapVolume returns the name to use for the prometheus config map's volume in the pod. +func PrometheusConfigMapVolume() string { + return "prometheus-config" +} + // Container returns the name to use for the container in the pod. func Container() string { return "otc-container" From 2fffbdb0f123ac0ddceeabba58db367c034f0f38 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 30 Aug 2024 13:05:51 -0400 Subject: [PATCH 37/99] Spacing. --- internal/manifests/targetallocator/deployment_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index 5b6151e7d..177f61c81 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -225,6 +225,7 @@ func TestDeploymentNodeSelector(t *testing.T) { assert.NoError(t, err) assert.Equal(t, map[string]string{"node-key": "node-value"}, d2.Spec.Template.Spec.NodeSelector) } + func TestDeploymentAffinity(t *testing.T) { // Test default otelcol1 := v1alpha1.AmazonCloudWatchAgent{ From e254d68accf104208807a2ae5fb35af170a3ebd7 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 30 Aug 2024 13:09:06 -0400 Subject: [PATCH 38/99] Spacing. --- internal/manifests/targetallocator/container_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/manifests/targetallocator/container_test.go b/internal/manifests/targetallocator/container_test.go index aadcc775d..7d4d74a93 100644 --- a/internal/manifests/targetallocator/container_test.go +++ b/internal/manifests/targetallocator/container_test.go @@ -308,6 +308,7 @@ func TestContainerDoesNotOverrideEnvVars(t *testing.T) { // verify assert.Equal(t, expected, c) } + func TestReadinessProbe(t *testing.T) { otelcol := v1alpha1.AmazonCloudWatchAgent{ Spec: v1alpha1.AmazonCloudWatchAgentSpec{ @@ -332,6 +333,7 @@ func TestReadinessProbe(t *testing.T) { // verify assert.Equal(t, expected, c.ReadinessProbe) } + func TestLivenessProbe(t *testing.T) { // prepare otelcol := v1alpha1.AmazonCloudWatchAgent{ From 15bfd187679a5a972dfcfc17949cb9fd19030387 Mon Sep 17 00:00:00 2001 From: Harry Date: Fri, 30 Aug 2024 13:40:54 -0700 Subject: [PATCH 39/99] Update E2E file name (#213) * Update E2E file name * Remove Java from Metric Limiter Prefix --- .github/workflows/application-signals-e2e-test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index efff61fb4..ca753f04b 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -23,7 +23,7 @@ concurrency: jobs: java-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -33,7 +33,7 @@ jobs: java-metric-limiter-e2e-test: needs: [ java-eks-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-metric-limiter-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/metric-limiter-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -42,7 +42,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} java-k8s-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -50,7 +50,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} python-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-test.yml@main needs: [ java-metric-limiter-e2e-test ] secrets: inherit with: @@ -61,7 +61,7 @@ jobs: python-k8s-e2e-test: needs: [ java-k8s-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-test.yml@main secrets: inherit with: aws-region: us-east-1 From 95a68d15e40c777a8e1b74e138fd8b8974daf1cb Mon Sep 17 00:00:00 2001 From: Parampreet Singh <50599809+Paramadon@users.noreply.github.com> Date: Tue, 3 Sep 2024 11:15:55 -0400 Subject: [PATCH 40/99] Adding support for NodeJS auto instrumentation and integ tests (#220) --- .../workflows/operator-integration-test.yml | 48 +++++++++++--- Dockerfile | 3 +- Makefile | 3 +- README.md | 1 + .../validate_annotation_daemonset_test.go | 32 +++++++++- .../validate_annotation_methods.go | 25 +++++++- .../validate_annotations_deployment_test.go | 47 +++++++++++++- .../validate_annotations_namespace_test.go | 46 +++++++++++++- .../validate_annotations_statefulset_test.go | 39 +++++++++++- ..._instrumentation_nodejs_env_variables.json | 11 ++++ .../nodejs/sample-deployment-nodejs.yaml | 20 ++++++ main.go | 10 +++ pkg/instrumentation/auto/config.go | 3 + pkg/instrumentation/auto/config_test.go | 10 +++ pkg/instrumentation/defaultinstrumentation.go | 27 ++++++-- .../defaultinstrumentation_test.go | 63 +++++++++++++++++-- pkg/instrumentation/podmutator_test.go | 3 +- versions.txt | 1 + 18 files changed, 365 insertions(+), 27 deletions(-) create mode 100644 integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json create mode 100644 integration-tests/nodejs/sample-deployment-nodejs.yaml diff --git a/.github/workflows/operator-integration-test.yml b/.github/workflows/operator-integration-test.yml index 463e9d0c3..e19b475f8 100644 --- a/.github/workflows/operator-integration-test.yml +++ b/.github/workflows/operator-integration-test.yml @@ -127,6 +127,27 @@ jobs: go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation + - name: Test for default instrumentation resources for nodejs + run: | + kubectl delete pods --all -n default + sleep 5 + cat integration-tests/nodejs/sample-deployment-nodejs.yaml + kubectl apply -f integration-tests/nodejs/sample-deployment-nodejs.yaml + sleep 5 + kubectl wait --for=condition=Available deployment/nginx -n default + kubectl get pods -A + kubectl describe pods -n default + go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json + + - name: Test for defined instrumentation resources for nodejs + run: | + kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml + kubectl delete pods --all -n default + sleep 5 + kubectl wait --for=condition=Available deployment/nginx -n default + sleep 5 + go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json + kubectl delete instrumentation sample-instrumentation - name: Test for default instrumentation resources for all languages run: | @@ -142,7 +163,8 @@ jobs: kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml kubectl delete pods --all -n default sleep 5 - kubectl wait --for=condition=Ready pod --all -n default + kubectl wait --for=condition=Available deployment/nginx -n default + sleep 5 go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation @@ -183,11 +205,12 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-deployment.yaml kubectl get pods -A kubectl describe pods -n default - sleep 5 + sleep 10 go test -v -run TestAllLanguagesDeployment ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -195,6 +218,8 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestNodeJSOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestAnnotationsOnMultipleResources ./integration-tests/manifests/annotations -timeout 30m DaemonsetAnnotationsTest: @@ -233,11 +258,12 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-daemonset.yaml sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesDaemonSet ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -245,6 +271,8 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestNodeJSOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestAutoAnnotationForManualAnnotationRemoval ./integration-tests/manifests/annotations -timeout 30m StatefulsetAnnotationsTest: @@ -283,16 +311,20 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-statefulset.yaml - sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesStatefulSet ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 go test -v -run TestPythonOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestDotNetOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 + go test -v -run TestNodeJSOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestOnlyNonAnnotatedAppsShouldBeRestarted ./integration-tests/manifests/annotations -timeout 30m @@ -342,4 +374,6 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m + go test -v -run TestNodeJSOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m + sleep 5 + go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 57e479d38..e3bca8565 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,11 +27,12 @@ ARG AGENT_VERSION ARG AUTO_INSTRUMENTATION_JAVA_VERSION ARG AUTO_INSTRUMENTATION_PYTHON_VERSION ARG AUTO_INSTRUMENTATION_DOTNET_VERSION +ARG AUTO_INSTRUMENTATION_NODEJS_VERSION ARG DCMG_EXPORTER_VERSION ARG NEURON_MONITOR_VERSION # Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION}" -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION}" -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 6df879668..4e3777b38 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ AGENT_VERSION ?= "$(shell grep -v '\#' versions.txt | grep cloudwatch-agent | aw AUTO_INSTRUMENTATION_JAVA_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-java-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-python-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" +AUTO_INSTRUMENTATION_NODEJS_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-nodejs-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" @@ -154,7 +155,7 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg AUTO_INSTRUMENTATION_NODEJS_VERSION=${AUTO_INSTRUMENTATION_NODEJS_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push diff --git a/README.md b/README.md index c7b30c028..706926de2 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Supported Languages: - Java - Python - .NET +- NodeJS This repo is based off of the [OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator) diff --git a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go index bacbb22c4..5aae96ee0 100644 --- a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go +++ b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go @@ -42,6 +42,12 @@ func TestAllLanguagesDaemonSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, + Deployments: []string{""}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -51,7 +57,7 @@ func TestAllLanguagesDaemonSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -156,3 +162,27 @@ func TestDotNetOnlyDaemonSet(t *testing.T) { } } +func TestNodeJSOnlyDaemonSet(t *testing.T) { + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("daemonset-namespace-nodejs-only-%d", randomNumber) + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + + if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } +} diff --git a/integration-tests/manifests/annotations/validate_annotation_methods.go b/integration-tests/manifests/annotations/validate_annotation_methods.go index 4acb6eb5c..b9f8da0e1 100644 --- a/integration-tests/manifests/annotations/validate_annotation_methods.go +++ b/integration-tests/manifests/annotations/validate_annotation_methods.go @@ -35,6 +35,9 @@ const ( injectDotNetAnnotation = "instrumentation.opentelemetry.io/inject-dotnet" autoAnnotateDotNetAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-dotnet" + injectNodeJSAnnotation = "instrumentation.opentelemetry.io/inject-nodejs" + autoAnnotateNodeJSAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-nodejs" + deploymentName = "sample-deployment" nginxDeploymentName = "nginx" statefulSetName = "sample-statefulset" @@ -175,8 +178,9 @@ func checkNameSpaceAnnotations(t *testing.T, clientSet *kubernetes.Clientset, ex fmt.Println("There was an error getting namespace, ", err) return false } + for _, annotation := range expectedAnnotations { - fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", annotation, ns.Status, ns.Name) + fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", ns.ObjectMeta.Annotations, ns.Status, ns.Name) if ns.ObjectMeta.Annotations[annotation] != "true" { time.Sleep(timeBetweenRetries) correct = false @@ -261,6 +265,25 @@ func checkIfAnnotationExists(clientset *kubernetes.Clientset, pods *v1.PodList, } fmt.Println("Annotations not found in all pods or some pods are not in Running phase. Retrying...") + cmd := exec.Command("kubectl", "rollout", "restart", "deployment", amazonControllerManager, "-n", amazonCloudwatchNamespace) + + // Run the command and capture the output + output, err := cmd.CombinedOutput() + if err != nil { + fmt.Printf("Error restarting deployment: %v\n", err) + fmt.Printf("Output: %s\n", output) + } else { + fmt.Printf("Successfully deleted deployment: %s\n", output) + } + waitCmd := exec.Command("kubectl", "wait", "--for=condition=Available", "deployment/"+amazonControllerManager, "-n", amazonCloudwatchNamespace, "--timeout=300s") + + waitOutput, err := waitCmd.CombinedOutput() + if err != nil { + fmt.Printf("Error waiting for deployment: %v\n", err) + fmt.Printf("Output: %s\n", waitOutput) + } else { + fmt.Printf("Deployment is now available: %s\n", waitOutput) + } time.Sleep(timeBetweenRetries) } } diff --git a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go index 8c0a91cea..0fdee2662 100644 --- a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go @@ -44,6 +44,12 @@ func TestAllLanguagesDeployment(t *testing.T) { Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) assert.Nil(t, err) @@ -51,7 +57,7 @@ func TestAllLanguagesDeployment(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -89,7 +95,7 @@ func TestJavaOnlyDeployment(t *testing.T) { updateTheOperator(t, clientSet, string(jsonStr)) if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation}, false); err != nil { - t.Fatalf("Failed annotation check: %s", err.Error()) + t.Fatalf("Failed annotation check: %s", err.Error()) } } @@ -167,3 +173,40 @@ func TestDotNetOnlyDeployment(t *testing.T) { } } + +func TestNodeJSOnlyDeployment(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("deployment-namespace-nodejs-only-%d", randomNumber) + + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, + StatefulSets: []string{""}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + t.Error("Error:", err) + + } + + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + if err != nil { + t.Errorf("Failed to get deployment app: %s", err.Error()) + } + + if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } + +} diff --git a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go index 4f8e97316..57edc1e22 100644 --- a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go @@ -50,6 +50,12 @@ func TestAllLanguagesNamespace(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{uniqueNamespace}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -58,7 +64,7 @@ func TestAllLanguagesNamespace(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, uniqueNamespace, startTime) { + if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { t.Error("Missing Languages annotations") } } @@ -184,6 +190,44 @@ func TestDotNetOnlyNamespace(t *testing.T) { } } +func TestNodeJSOnlyNamespace(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("namespace-nodejs-only-%d", randomNumber) + if err := createNamespace(clientSet, uniqueNamespace); err != nil { + t.Fatalf("Failed to create/apply resoures on namespace: %v", err) + } + + defer func() { + if err := deleteNamespace(clientSet, uniqueNamespace); err != nil { + t.Fatalf("Failed to delete namespace: %v", err) + } + }() + + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{uniqueNamespace}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + + startTime := time.Now() + + updateTheOperator(t, clientSet, string(jsonStr)) + + if !checkNameSpaceAnnotations(t, clientSet, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { + t.Error("Missing nodejs annotations") + } +} + // Multiple resources on the same namespace should all get annotations func TestAnnotationsOnMultipleResources(t *testing.T) { diff --git a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go index 3e25f34e9..4f8ccea04 100644 --- a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go @@ -42,6 +42,12 @@ func TestAllLanguagesStatefulSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -49,7 +55,7 @@ func TestAllLanguagesStatefulSet(t *testing.T) { } startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } @@ -150,7 +156,36 @@ func TestDotNetOnlyStatefulSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } +} +func TestNodeJSOnlyStatefulSet(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("statefulset-namespace-nodejs-only-%d", randomNumber) + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } diff --git a/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json b/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json new file mode 100644 index 000000000..a075b8eed --- /dev/null +++ b/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json @@ -0,0 +1,11 @@ + +{ +"OTEL_AWS_APPLICATION_SIGNALS_ENABLED": "true", +"OTEL_TRACES_SAMPLER_ARG" : "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000", +"OTEL_TRACES_SAMPLER": "xray", +"OTEL_EXPORTER_OTLP_PROTOCOL": "http/protobuf", +"OTEL_EXPORTER_OTLP_TRACES_ENDPOINT" : "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces", +"OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT": "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics", +"OTEL_METRICS_EXPORTER": "none", +"OTEL_LOGS_EXPORTER": "none" +} \ No newline at end of file diff --git a/integration-tests/nodejs/sample-deployment-nodejs.yaml b/integration-tests/nodejs/sample-deployment-nodejs.yaml new file mode 100644 index 000000000..a5d57aa32 --- /dev/null +++ b/integration-tests/nodejs/sample-deployment-nodejs.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + annotations: + instrumentation.opentelemetry.io/inject-nodejs: "true" + spec: + containers: + - name: nginx + image: nginx:1.14.2 + restartPolicy: Always +status: {} \ No newline at end of file diff --git a/main.go b/main.go index cf607e7bd..e21f5e704 100644 --- a/main.go +++ b/main.go @@ -49,6 +49,7 @@ const ( autoInstrumentationJavaImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-java" autoInstrumentationPythonImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-python" autoInstrumentationDotNetImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet" + autoInstrumentationNodeJSImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs" dcgmExporterImageRepository = "nvcr.io/nvidia/k8s/dcgm-exporter" neuronMonitorImageRepository = "public.ecr.aws/neuron" ) @@ -118,6 +119,7 @@ func main() { autoInstrumentationJava string autoInstrumentationPython string autoInstrumentationDotNet string + autoInstrumentationNodeJS string autoAnnotationConfigStr string autoInstrumentationConfigStr string webhookPort int @@ -133,6 +135,7 @@ func main() { stringFlagOrEnv(&autoInstrumentationJava, "auto-instrumentation-java-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_JAVA", fmt.Sprintf("%s:%s", autoInstrumentationJavaImageRepository, v.AutoInstrumentationJava), "The default OpenTelemetry Java instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationPython, "auto-instrumentation-python-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_PYTHON", fmt.Sprintf("%s:%s", autoInstrumentationPythonImageRepository, v.AutoInstrumentationPython), "The default OpenTelemetry Python instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationDotNet, "auto-instrumentation-dotnet-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_DOTNET", fmt.Sprintf("%s:%s", autoInstrumentationDotNetImageRepository, v.AutoInstrumentationDotNet), "The default OpenTelemetry Dotnet instrumentation image. This image is used when no image is specified in the CustomResource.") + stringFlagOrEnv(&autoInstrumentationNodeJS, "auto-instrumentation-nodejs-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_NODEJS", fmt.Sprintf("%s:%s", autoInstrumentationNodeJSImageRepository, v.AutoInstrumentationNodeJS), "The default OpenTelemetry NodeJS instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoAnnotationConfigStr, "auto-annotation-config", "AUTO_ANNOTATION_CONFIG", "", "The configuration for auto-annotation.") pflag.StringVar(&autoInstrumentationConfigStr, "auto-instrumentation-config", "", "The configuration for auto-instrumentation.") stringFlagOrEnv(&dcgmExporterImage, "dcgm-exporter-image", "RELATED_IMAGE_DCGM_EXPORTER", fmt.Sprintf("%s:%s", dcgmExporterImageRepository, v.DcgmExporter), "The default DCGM Exporter image. This image is used when no image is specified in the CustomResource.") @@ -154,11 +157,15 @@ func main() { if dotNetVar, ok := autoInstrumentationConfig["dotnet"]; ok { setLangEnvVars("DOTNET", dotNetVar) } + if dotNetVar, ok := autoInstrumentationConfig["nodejs"]; ok { + setLangEnvVars("NODEJS", dotNetVar) + } // set supported language instrumentation images in environment variable to be used for default instrumentation os.Setenv("AUTO_INSTRUMENTATION_JAVA", autoInstrumentationJava) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", autoInstrumentationPython) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", autoInstrumentationDotNet) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", autoInstrumentationNodeJS) logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) @@ -169,6 +176,7 @@ func main() { "auto-instrumentation-java", autoInstrumentationJava, "auto-instrumentation-python", autoInstrumentationPython, "auto-instrumentation-dotnet", autoInstrumentationDotNet, + "auto-instrumentation-nodejs", autoInstrumentationNodeJS, "dcgm-exporter", dcgmExporterImage, "neuron-monitor", neuronMonitorImage, "build-date", v.BuildDate, @@ -184,6 +192,7 @@ func main() { config.WithAutoInstrumentationJavaImage(autoInstrumentationJava), config.WithAutoInstrumentationPythonImage(autoInstrumentationPython), config.WithAutoInstrumentationDotNetImage(autoInstrumentationDotNet), + config.WithAutoInstrumentationNodeJSImage(autoInstrumentationNodeJS), config.WithDcgmExporterImage(dcgmExporterImage), config.WithNeuronMonitorImage(neuronMonitorImage), ) @@ -281,6 +290,7 @@ func main() { instrumentation.TypeJava, instrumentation.TypePython, instrumentation.TypeDotNet, + instrumentation.TypeNodeJS, ), ) mgr.GetWebhookServer().Register("/mutate-v1-workload", &webhook.Admission{ diff --git a/pkg/instrumentation/auto/config.go b/pkg/instrumentation/auto/config.go index 30ade1eef..12b5e9e6d 100644 --- a/pkg/instrumentation/auto/config.go +++ b/pkg/instrumentation/auto/config.go @@ -11,6 +11,7 @@ type AnnotationConfig struct { Java AnnotationResources `json:"java"` Python AnnotationResources `json:"python"` DotNet AnnotationResources `json:"dotnet"` + NodeJS AnnotationResources `json:"nodejs"` } func (c AnnotationConfig) getResources(instType instrumentation.Type) AnnotationResources { @@ -21,6 +22,8 @@ func (c AnnotationConfig) getResources(instType instrumentation.Type) Annotation return c.Python case instrumentation.TypeDotNet: return c.DotNet + case instrumentation.TypeNodeJS: + return c.NodeJS default: return AnnotationResources{} } diff --git a/pkg/instrumentation/auto/config_test.go b/pkg/instrumentation/auto/config_test.go index 1300ad9dc..de563df67 100644 --- a/pkg/instrumentation/auto/config_test.go +++ b/pkg/instrumentation/auto/config_test.go @@ -31,7 +31,14 @@ func TestConfig(t *testing.T) { DaemonSets: []string{"ds3"}, StatefulSets: []string{"ss3"}, }, + NodeJS: AnnotationResources{ + Namespaces: []string{"n3"}, + Deployments: []string{"d3"}, + DaemonSets: []string{"ds3"}, + StatefulSets: []string{"ss3"}, + }, } + assert.Equal(t, cfg.Java, cfg.getResources(instrumentation.TypeJava)) assert.Equal(t, []string{"n1"}, getNamespaces(cfg.Java)) assert.Equal(t, []string{"d1"}, getDeployments(cfg.Java)) @@ -42,4 +49,7 @@ func TestConfig(t *testing.T) { assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.DotNet)) assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.DotNet)) assert.Equal(t, AnnotationResources{}, cfg.getResources("invalidType")) + assert.Equal(t, cfg.NodeJS, cfg.getResources(instrumentation.TypeNodeJS)) + assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.NodeJS)) + assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.NodeJS)) } diff --git a/pkg/instrumentation/defaultinstrumentation.go b/pkg/instrumentation/defaultinstrumentation.go index e9946148c..2f6fa918c 100644 --- a/pkg/instrumentation/defaultinstrumentation.go +++ b/pkg/instrumentation/defaultinstrumentation.go @@ -18,10 +18,10 @@ import ( ) const ( - defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" - defaultInstrumenation = "java-instrumentation" - defaultNamespace = "default" - defaultKind = "Instrumentation" + defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" + defaultInstrumentation = "java-instrumentation" + defaultNamespace = "default" + defaultKind = "Instrumentation" http = "http" https = "https" @@ -62,6 +62,10 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo if !ok { return nil, errors.New("unable to determine dotnet instrumentation image") } + nodeJSInstrumentationImage, ok := os.LookupEnv("AUTO_INSTRUMENTATION_NODEJS") + if !ok { + return nil, errors.New("unable to determine nodejs instrumentation image") + } cloudwatchAgentServiceEndpoint := "cloudwatch-agent.amazon-cloudwatch" if isWindowsPod { @@ -86,7 +90,7 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -157,6 +161,19 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Requests: getInstrumentationConfigForResource(dotNet, request), }, }, + NodeJS: v1alpha1.NodeJS{ + Image: nodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: fmt.Sprintf("endpoint=%s://%s:2000", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/traces", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/metrics", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + }, }, }, nil } diff --git a/pkg/instrumentation/defaultinstrumentation_test.go b/pkg/instrumentation/defaultinstrumentation_test.go index ebe5c3f3c..d1611f8dd 100644 --- a/pkg/instrumentation/defaultinstrumentation_test.go +++ b/pkg/instrumentation/defaultinstrumentation_test.go @@ -21,6 +21,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -41,7 +42,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -130,6 +131,19 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -139,7 +153,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -228,6 +242,19 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent.amazon-cloudwatch:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + }, }, } @@ -286,12 +313,14 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { } }) } + } func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -312,7 +341,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -401,6 +430,19 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -410,7 +452,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -499,6 +541,19 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + }, }, } diff --git a/pkg/instrumentation/podmutator_test.go b/pkg/instrumentation/podmutator_test.go index f00c78540..cbf66bc2f 100644 --- a/pkg/instrumentation/podmutator_test.go +++ b/pkg/instrumentation/podmutator_test.go @@ -27,11 +27,11 @@ const ( defaultJavaInstrumentationImage = "test.registry/adot-autoinstrumentation-java:test-tag" defaultPythonInstrumentationImage = "test.registry/adot-autoinstrumentation-python:test-tag" defaultDotNetInstrumentationImage = "test.registry/adot-autoinstrumentation-dotnet:test-tag" + defaultNodeJSInstrumentationImage = "test.registry/adot-autoinstrumentation-nodejs:test-tag" ) func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { defaultInst, _ := getDefaultInstrumentation(&adapters.CwaConfig{}, false) - namespace := corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: "default-namespace", @@ -49,7 +49,6 @@ func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { assert.Nil(t, err) assert.Equal(t, defaultInst, instrumentation) - } func TestMutatePod(t *testing.T) { diff --git a/versions.txt b/versions.txt index 89f400f1e..0b375c65f 100644 --- a/versions.txt +++ b/versions.txt @@ -9,6 +9,7 @@ aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 # This needs to be updated with the latest release of ADOT SDK aws-otel-dotnet-instrumentation=1.6.0 +aws-otel-nodejs-instrumentation=0.52.1 dcgm-exporter=3.3.3-3.3.1-ubuntu22.04 neuron-monitor=1.0.0 \ No newline at end of file From 9aabd53aec8fb53b82c310467faff637b6f451ab Mon Sep 17 00:00:00 2001 From: Mitali Salvi <44349099+mitali-salvi@users.noreply.github.com> Date: Tue, 3 Sep 2024 14:41:00 -0400 Subject: [PATCH 41/99] Version bumps and updating release notes for v1.7.0 release (#221) --- RELEASE_NOTES | 7 +++++++ versions.txt | 15 +++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/RELEASE_NOTES b/RELEASE_NOTES index 4fd0a5445..940371afe 100644 --- a/RELEASE_NOTES +++ b/RELEASE_NOTES @@ -1,6 +1,13 @@ +======================================================================== +Amazon CloudWatch Agent Operator v1.7.0 (2024-09-03) +======================================================================== +Enhancements: +* [ApplicationSignals] Support NodeJS auto-instrumentation on Linux platforms + ======================================================================== Amazon CloudWatch Agent Operator v1.6.0 (2024-07-30) ======================================================================== +Enhancements: * [ApplicationSignals] Allow configurable resource requests and limits for auto-instrumentation SDK init containers (#196) ======================================================================== diff --git a/versions.txt b/versions.txt index 0b375c65f..65c95256b 100644 --- a/versions.txt +++ b/versions.txt @@ -1,15 +1,14 @@ # Represents the latest stable release of the CloudWatch Agent -cloudwatch-agent=1.300041.0b681 +cloudwatch-agent=1.300045.0b810 # Represents the current release of the CloudWatch Agent Operator. -operator=1.4.1 +operator=1.7.0 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 -aws-otel-python-instrumentation=v0.2.0 -# This needs to be updated with the latest release of ADOT SDK -aws-otel-dotnet-instrumentation=1.6.0 -aws-otel-nodejs-instrumentation=0.52.1 +aws-otel-python-instrumentation=v0.4.0 +aws-otel-dotnet-instrumentation=v1.3.0 +aws-otel-nodejs-instrumentation=v0.1.0 -dcgm-exporter=3.3.3-3.3.1-ubuntu22.04 -neuron-monitor=1.0.0 \ No newline at end of file +dcgm-exporter=3.3.7-3.5.0-ubuntu22.04 +neuron-monitor=1.0.1 \ No newline at end of file From 681ec79c9cfaf1b4679c6c171b81524bacee02ce Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 4 Sep 2024 09:54:16 -0400 Subject: [PATCH 42/99] Added unit test for checking added volume. --- internal/manifests/collector/volume_test.go | 28 ++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/internal/manifests/collector/volume_test.go b/internal/manifests/collector/volume_test.go index f52e1d5b3..0e94b620b 100644 --- a/internal/manifests/collector/volume_test.go +++ b/internal/manifests/collector/volume_test.go @@ -20,8 +20,6 @@ func TestVolumeNewDefault(t *testing.T) { otelcol := v1alpha1.AmazonCloudWatchAgent{} cfg := config.New() - // TBD: Prometheus - // test volumes := Volumes(cfg, otelcol) @@ -43,8 +41,6 @@ func TestVolumeAllowsMoreToBeAdded(t *testing.T) { } cfg := config.New() - // TBD: Prometheus - // test volumes := Volumes(cfg, otelcol) @@ -70,8 +66,6 @@ func TestVolumeWithMoreConfigMaps(t *testing.T) { } cfg := config.New() - // TBD: Prometheus - // test volumes := Volumes(cfg, otelcol) @@ -82,3 +76,25 @@ func TestVolumeWithMoreConfigMaps(t *testing.T) { assert.Equal(t, "configmap-configmap-test", volumes[1].Name) assert.Equal(t, "configmap-configmap-test2", volumes[2].Name) } + +func TestVolumePrometheus(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Prometheus: "test", + }, + } + cfg := config.New() + + // test + volumes := Volumes(cfg, otelcol) + + // verify + assert.Len(t, volumes, 2) + + // check that it's the otc-internal volume, with the config map + assert.Equal(t, naming.ConfigMapVolume(), volumes[0].Name) + + // check that the second volume is prometheus-config, with the config map + assert.Equal(t, naming.PrometheusConfigMapVolume(), volumes[1].Name) +} From cff2d6e7bece543c0c0a568de428c7e4d435def3 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 4 Sep 2024 14:51:31 -0400 Subject: [PATCH 43/99] Added configmap testing for prometheus. --- .../manifests/collector/configmap_test.go | 59 ++++++++++++++++++- .../collector/testdata/prometheus_test.yaml | 6 ++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 internal/manifests/collector/testdata/prometheus_test.yaml diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index b2b1b9df8..de673abb7 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -4,8 +4,15 @@ package collector import ( + "fmt" + "os" "testing" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/stretchr/testify/assert" ) @@ -38,5 +45,55 @@ func TestDesiredConfigMap(t *testing.T) { } func TestDesiredPrometheusConfigMap(t *testing.T) { - // TBD + expectedLabels := map[string]string{ + "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", + "app.kubernetes.io/instance": "default.test", + "app.kubernetes.io/part-of": "amazon-cloudwatch-agent", + "app.kubernetes.io/version": "0.47.0", + } + + configYAML, err := os.ReadFile("testdata/prometheus_test.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + + t.Run("should return expected prometheus config map", func(t *testing.T) { + expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" + expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" + expectedLabels["app.kubernetes.io/version"] = "0.0.0" + + expectedData := map[string]string{ + "prometheus.yaml": `scrape_configs: +- job_name: cloudwatch-agent + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 +`, + } + + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(configYAML), + }, + }, + } + actual, err := PrometheusConfigMap(param) + + assert.NoError(t, err) + assert.Equal(t, "test-prometheus-config", actual.Name) + assert.Equal(t, expectedLabels, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + }) } diff --git a/internal/manifests/collector/testdata/prometheus_test.yaml b/internal/manifests/collector/testdata/prometheus_test.yaml new file mode 100644 index 000000000..bb8b3bfd6 --- /dev/null +++ b/internal/manifests/collector/testdata/prometheus_test.yaml @@ -0,0 +1,6 @@ +config: + scrape_configs: + - job_name: 'cloudwatch-agent' + scrape_interval: 10s + static_configs: + - targets: [ '0.0.0.0:8888' ] \ No newline at end of file From 622570f8d5abc342c85e4a2d350fba2306de8182 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 4 Sep 2024 19:01:33 -0400 Subject: [PATCH 44/99] Enforce statefulset. --- apis/v1alpha1/collector_webhook.go | 5 +++++ apis/v1alpha1/collector_webhook_test.go | 24 ++++++++++++++++++++++++ pkg/featuregate/featuregate.go | 2 +- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index f2e8affe9..a8f3b1291 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -171,6 +171,11 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the attribute 'AdditionalContainers'", r.Spec.Mode) } + // validate target allocation + if r.Spec.TargetAllocator.Enabled && r.Spec.Mode != ModeStatefulSet { + return warnings, fmt.Errorf("the OpenTelemetry Collector mode is set to %s, which does not support the target allocation deployment", r.Spec.Mode) + } + // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { promCfg, err := adapters.ConfigFromString(r.Spec.Prometheus) diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index 784bd62a0..21f7879d1 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -367,6 +367,30 @@ func TestOTELColValidatingWebhook(t *testing.T) { }, expectedErr: "does not support the attribute 'tolerations'", }, + { + name: "invalid mode with target allocator", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeDeployment, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "does not support the target allocation deployment", + }, + { + name: "invalid target allocator config", + otelcol: AmazonCloudWatchAgent{ + Spec: AmazonCloudWatchAgentSpec{ + Mode: ModeStatefulSet, + TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + }, + }, + }, + expectedErr: "the OpenTelemetry Spec Prometheus configuration is incorrect", + }, { name: "invalid port name", otelcol: AmazonCloudWatchAgent{ diff --git a/pkg/featuregate/featuregate.go b/pkg/featuregate/featuregate.go index 68016f5e5..8c438d598 100644 --- a/pkg/featuregate/featuregate.go +++ b/pkg/featuregate/featuregate.go @@ -66,7 +66,7 @@ var ( // EnableTargetAllocatorRewrite is the feature gate that controls whether the collector's configuration should // automatically be rewritten when the target allocator is enabled. EnableTargetAllocatorRewrite = featuregate.GlobalRegistry().MustRegister( - "operator.collector.rewritetarget-allocator", + "operator.collector.rewritetargetallocator", featuregate.StageBeta, featuregate.WithRegisterDescription("controls whether the operator should configure the collector's targetAllocator configuration"), featuregate.WithRegisterFromVersion("v0.76.1"), From c6a15f33e92e2e7be2e07dc09260bd08541ddd90 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 5 Sep 2024 16:54:49 -0400 Subject: [PATCH 45/99] Implemented ReplacePrometheusConfig to allow for service discovery endpoint. --- go.mod | 2 + go.sum | 281 ++++++++++++++++++ .../manifests/collector/config_replace.go | 64 ++++ internal/manifests/collector/configmap.go | 20 +- .../manifests/collector/configmap_test.go | 13 +- 5 files changed, 364 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 2c1a77918..cd83fe187 100644 --- a/go.mod +++ b/go.mod @@ -41,6 +41,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.2.1 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/aws/aws-sdk-go v1.45.25 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -128,6 +129,7 @@ require ( github.com/prometheus/client_golang v1.17.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/common v0.44.0 // indirect + github.com/prometheus/common/sigv4 v0.1.0 // indirect github.com/prometheus/procfs v0.11.1 // indirect github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 // indirect github.com/spf13/cobra v1.7.0 // indirect diff --git a/go.sum b/go.sum index 01d3cbf2a..1c05684b4 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,42 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= @@ -26,6 +58,7 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= @@ -33,12 +66,16 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4= github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -55,6 +92,9 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= @@ -104,12 +144,17 @@ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBd github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4= github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -142,24 +187,37 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -168,9 +226,12 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -180,8 +241,18 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 h1:pUa4ghanp6q4IJHwE9RwLgmVFfReJN+KbQ8ExNEUUoQ= github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -189,6 +260,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ= github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/gophercloud/gophercloud v1.7.0 h1:fyJGKh0LBvIZKLvBWvQdIgkaV5yTM3Jh9EYUh+UNCAs= @@ -240,6 +313,7 @@ github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4= github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= @@ -252,6 +326,7 @@ github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hetznercloud/hcloud-go/v2 v2.4.0 h1:MqlAE+w125PLvJRCpAJmEwrIxoVdUdOyuFUhE/Ukbok= github.com/hetznercloud/hcloud-go/v2 v2.4.0/go.mod h1:l7fA5xsncFBzQTyw29/dw5Yr88yEGKKdc6BHf24ONS0= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -271,14 +346,20 @@ github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2E github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -375,6 +456,8 @@ github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0/g github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -385,15 +468,23 @@ github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cY github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= +github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/prometheus/prometheus v0.48.1 h1:CTszphSNTXkuCG6O0IfpKdHcJkvvnAAE1GbELKS+NFk= github.com/prometheus/prometheus v0.48.1/go.mod h1:SRw624aMAxTfryAcP8rOjg4S/sHHaetx2lyJJ2nM83g= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -406,6 +497,7 @@ github.com/shoenig/test v0.6.6 h1:Oe8TPH9wAbv++YPNDKJWUnI8Q4PPWCx3UbOfH+FxiMU= github.com/shoenig/test v0.6.6/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= @@ -431,10 +523,17 @@ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs= github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/collector/featuregate v0.77.0 h1:m1/IzaXoQh6SgF6CM80vrBOCf5zSJ2GVISfA27fYzGU= @@ -467,6 +566,8 @@ go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -475,12 +576,35 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -490,19 +614,38 @@ golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= @@ -510,14 +653,23 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -528,20 +680,45 @@ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -559,7 +736,9 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -567,16 +746,53 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= @@ -588,15 +804,61 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc= google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a h1:myvhA4is3vrit1a6NZCWBIwN0kNEnX21DJOJX/NvIfI= @@ -604,9 +866,17 @@ google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY= google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= @@ -618,6 +888,7 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= @@ -629,6 +900,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= @@ -638,6 +910,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -646,7 +919,12 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= @@ -665,6 +943,9 @@ k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index e11d2e170..ffc3324ec 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,13 +5,34 @@ package collector import ( "encoding/json" + "time" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" + + promconfig "github.com/prometheus/prometheus/config" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. + "gopkg.in/yaml.v2" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) +type targetAllocator struct { + Endpoint string `yaml:"endpoint"` + Interval time.Duration `yaml:"interval"` + CollectorID string `yaml:"collector_id"` + // HTTPSDConfig is a preference that can be set for the collector's target allocator, but the operator doesn't + // care about what the value is set to. We just need this for validation when unmarshalling the configmap. + HTTPSDConfig interface{} `yaml:"http_sd_config,omitempty"` +} + +type Config struct { + PromConfig *promconfig.Config `yaml:"config"` + TargetAllocConfig *targetAllocator `yaml:"target_allocator,omitempty"` +} + func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { config, err := adapters.ConfigFromJSONString(instance.Spec.Config) if err != nil { @@ -25,3 +46,46 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { return string(out), nil } + +func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { + // Check if TargetAllocator is enabled, if not, return the original config + if !instance.Spec.TargetAllocator.Enabled { + return instance.Spec.Prometheus, nil + } + + promCfgMap, getCfgPromErr := adapters.ConfigFromString(instance.Spec.Prometheus) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + validateCfgPromErr := ta.ValidatePromConfig(promCfgMap, instance.Spec.TargetAllocator.Enabled, featuregate.EnableTargetAllocatorRewrite.IsEnabled()) + if validateCfgPromErr != nil { + return "", validateCfgPromErr + } + + if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if getCfgPromErr != nil { + return "", getCfgPromErr + } + + out, updCfgMarshalErr := yaml.Marshal(updPromCfgMap) + if updCfgMarshalErr != nil { + return "", updCfgMarshalErr + } + + return string(out), nil + } + + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + if err != nil { + return "", err + } + + out, err := yaml.Marshal(updPromCfgMap) + if err != nil { + return "", err + } + + return string(out), nil +} diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index c7f232f91..947578b8a 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -4,15 +4,14 @@ package collector import ( - "fmt" - "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) @@ -43,19 +42,20 @@ func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { name := naming.PrometheusConfigMap(params.OtelCol.Name) labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) - prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) + replacedPrometheusConf, err := ReplacePrometheusConfig(params.OtelCol) if err != nil { - return &corev1.ConfigMap{}, err + params.Log.V(2).Info("failed to update prometheus config to use sharded targets: ", "err", err) + return nil, err } - prometheusConfig, ok := prometheusReceiverConfig["config"] - if !ok { - return &corev1.ConfigMap{}, fmt.Errorf("no prometheusConfig available as part of the configuration") + prometheusReceiverConfig, err := ta.GetPromConfig(replacedPrometheusConf) + if err != nil { + return nil, err } - prometheusConfigYAML, err := yaml.Marshal(prometheusConfig) + prometheusConfigYAML, err := yaml.Marshal(prometheusReceiverConfig) if err != nil { - return &corev1.ConfigMap{}, err + return nil, err } return &corev1.ConfigMap{ diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index de673abb7..e966de760 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -63,12 +63,13 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { expectedLabels["app.kubernetes.io/version"] = "0.0.0" expectedData := map[string]string{ - "prometheus.yaml": `scrape_configs: -- job_name: cloudwatch-agent - scrape_interval: 10s - static_configs: - - targets: - - 0.0.0.0:8888 + "prometheus.yaml": `config: + scrape_configs: + - job_name: cloudwatch-agent + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 `, } From 249c7f9bf1054d7943b2365465b1e511c4eaca90 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 6 Sep 2024 19:49:09 -0400 Subject: [PATCH 46/99] Fixed incorrect parsing. --- internal/manifests/collector/config_replace.go | 12 +++++++++++- internal/manifests/collector/configmap.go | 15 +-------------- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index ffc3324ec..8b19942ae 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -50,7 +50,17 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { // Check if TargetAllocator is enabled, if not, return the original config if !instance.Spec.TargetAllocator.Enabled { - return instance.Spec.Prometheus, nil + prometheusReceiverConfig, err := ta.GetPromConfig(instance.Spec.Prometheus) + if err != nil { + return "", err + } + + prometheusConfigYAML, err := yaml.Marshal(prometheusReceiverConfig) + if err != nil { + return "", err + } + + return string(prometheusConfigYAML), nil } promCfgMap, getCfgPromErr := adapters.ConfigFromString(instance.Spec.Prometheus) diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index 947578b8a..a1b5c60ee 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -4,12 +4,9 @@ package collector import ( - "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" @@ -48,16 +45,6 @@ func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { return nil, err } - prometheusReceiverConfig, err := ta.GetPromConfig(replacedPrometheusConf) - if err != nil { - return nil, err - } - - prometheusConfigYAML, err := yaml.Marshal(prometheusReceiverConfig) - if err != nil { - return nil, err - } - return &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: name, @@ -66,7 +53,7 @@ func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - "prometheus.yaml": string(prometheusConfigYAML), + "prometheus.yaml": replacedPrometheusConf, }, }, nil } From 48099b4fbac6495e95301dd89d10bcce290094e7 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Sat, 7 Sep 2024 20:08:51 -0400 Subject: [PATCH 47/99] Added testing for service discovery changes. --- .../manifests/collector/configmap_test.go | 164 ++++++++++++++++++ .../http_sd_config_servicemonitor_test.yaml | 12 ++ ..._sd_config_servicemonitor_test_ta_set.yaml | 18 ++ 3 files changed, 194 insertions(+) create mode 100644 internal/manifests/collector/testdata/http_sd_config_servicemonitor_test.yaml create mode 100644 internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index e966de760..6bdca10fb 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -8,6 +8,10 @@ import ( "os" "testing" + colfeaturegate "go.opentelemetry.io/collector/featuregate" + + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" @@ -57,6 +61,16 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { fmt.Printf("Error getting yaml file: %v", err) } + httpConfigYAML, err := os.ReadFile("testdata/http_sd_config_servicemonitor_test.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + + httpTAConfigYAML, err := os.ReadFile("testdata/http_sd_config_servicemonitor_test_ta_set.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + t.Run("should return expected prometheus config map", func(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" @@ -96,5 +110,155 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { assert.Equal(t, "test-prometheus-config", actual.Name) assert.Equal(t, expectedLabels, actual.Labels) assert.Equal(t, expectedData, actual.Data) + + }) + + t.Run("should return expected prometheus config map with http_sd_config if rewrite flag disabled", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + assert.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" + expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" + + expectedData := map[string]string{ + "prometheus.yaml": `config: + scrape_configs: + - http_sd_configs: + - url: http://test-target-allocator:80/jobs/cloudwatch-agent/targets?collector_id=$POD_NAME + job_name: cloudwatch-agent + scrape_interval: 10s +`, + } + + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(configYAML), + }, + }, + } + param.OtelCol.Spec.TargetAllocator.Enabled = true + actual, err := PrometheusConfigMap(param) + + assert.NoError(t, err) + assert.Equal(t, "test-prometheus-config", actual.GetName()) + assert.Equal(t, expectedLabels, actual.GetLabels()) + assert.Equal(t, expectedData, actual.Data) + + }) + + t.Run("should return expected escaped prometheus config map with http_sd_config if rewrite flag disabled", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + assert.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + + expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" + expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" + expectedLabels["app.kubernetes.io/version"] = "0.0.0" + + expectedData := map[string]string{ + "prometheus.yaml": `config: + scrape_configs: + - http_sd_configs: + - url: http://test-target-allocator:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets?collector_id=$POD_NAME + job_name: serviceMonitor/test/test/0 +target_allocator: + collector_id: ${POD_NAME} + endpoint: http://test-target-allocator:80 + http_sd_config: + refresh_interval: 60s + interval: 30s +`, + } + + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(httpTAConfigYAML), + }, + }, + } + assert.NoError(t, err) + param.OtelCol.Spec.TargetAllocator.Enabled = true + actual, err := PrometheusConfigMap(param) + + assert.NoError(t, err) + assert.Equal(t, "test-prometheus-config", actual.Name) + assert.Equal(t, expectedLabels, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + + // Reset the value + expectedLabels["app.kubernetes.io/version"] = "0.47.0" + + }) + + t.Run("should return expected escaped prometheus config map with target_allocator config block", func(t *testing.T) { + expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" + expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" + expectedLabels["app.kubernetes.io/version"] = "0.0.0" + + expectedData := map[string]string{ + "prometheus.yaml": `config: {} +target_allocator: + collector_id: ${POD_NAME} + endpoint: http://test-target-allocator:80 + interval: 30s +`, + } + + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(httpConfigYAML), + }, + }, + } + assert.NoError(t, err) + param.OtelCol.Spec.TargetAllocator.Enabled = true + actual, err := PrometheusConfigMap(param) + + assert.NoError(t, err) + assert.Equal(t, "test-prometheus-config", actual.Name) + assert.Equal(t, expectedLabels, actual.Labels) + assert.Equal(t, expectedData, actual.Data) + + // Reset the value + expectedLabels["app.kubernetes.io/version"] = "0.47.0" + assert.NoError(t, err) + }) } diff --git a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test.yaml b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test.yaml new file mode 100644 index 000000000..e755e8165 --- /dev/null +++ b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test.yaml @@ -0,0 +1,12 @@ +config: + scrape_configs: + - job_name: serviceMonitor/test/test/0 + + static_configs: + - targets: ["prom.domain:1001", "prom.domain:1002", "prom.domain:1003"] + labels: + my: label + + file_sd_configs: + - files: + - file2.json \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml new file mode 100644 index 000000000..455cc0d1e --- /dev/null +++ b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml @@ -0,0 +1,18 @@ +config: + scrape_configs: + - job_name: serviceMonitor/test/test/0 + + static_configs: + - targets: ["prom.domain:1001", "prom.domain:1002", "prom.domain:1003"] + labels: + my: label + + file_sd_configs: + - files: + - file2.json +target_allocator: + endpoint: http://test-target-allocator:80 + interval: 30s + collector_id: ${POD_NAME} + http_sd_config: + refresh_interval: 60s \ No newline at end of file From ad907fdb82fbf49aa118f1aa20d33a20d5287aaf Mon Sep 17 00:00:00 2001 From: musa-asad Date: Sat, 7 Sep 2024 21:29:24 -0400 Subject: [PATCH 48/99] Add testing for config_replace.go. --- .../collector/config_replace_test.go | 360 ++++++++++++++++++ .../manifests/collector/configmap_test.go | 8 + .../config_expected_targetallocator.yaml | 9 + .../testdata/http_sd_config_ta_test.yaml | 12 + .../testdata/http_sd_config_test.yaml | 23 ++ ...elabel_config_expected_with_sd_config.yaml | 44 +++ .../testdata/relabel_config_original.yaml | 37 ++ 7 files changed, 493 insertions(+) create mode 100644 internal/manifests/collector/config_replace_test.go create mode 100644 internal/manifests/collector/testdata/config_expected_targetallocator.yaml create mode 100644 internal/manifests/collector/testdata/http_sd_config_ta_test.yaml create mode 100644 internal/manifests/collector/testdata/http_sd_config_test.yaml create mode 100644 internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml create mode 100644 internal/manifests/collector/testdata/relabel_config_original.yaml diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go new file mode 100644 index 000000000..3f240cb65 --- /dev/null +++ b/internal/manifests/collector/config_replace_test.go @@ -0,0 +1,360 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package collector + +import ( + "fmt" + "os" + "testing" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + + "github.com/prometheus/prometheus/discovery/http" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + colfeaturegate "go.opentelemetry.io/collector/featuregate" + "gopkg.in/yaml.v2" + + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" +) + +func TestPrometheusParser(t *testing.T) { + httpConfigYAML, err := os.ReadFile("testdata/http_sd_config_test.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(httpConfigYAML), + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "test/test-img", + }, + }, + }, + } + assert.NoError(t, err) + + t.Run("should update config with http_sd_config", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + require.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + // prepare + var cfg Config + promCfgMap, err := adapters.ConfigFromString(actualConfig) + assert.NoError(t, err) + + promCfg, err := yaml.Marshal(promCfgMap) + assert.NoError(t, err) + + err = yaml.UnmarshalStrict(promCfg, &cfg) + assert.NoError(t, err) + + // test + expectedMap := map[string]bool{ + "prometheus": false, + "service-x": false, + } + for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { + assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 1) + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "http") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-target-allocator:80/jobs/"+scrapeConfig.JobName+"/targets?collector_id=$POD_NAME") + expectedMap[scrapeConfig.JobName] = true + } + for k := range expectedMap { + assert.True(t, expectedMap[k], k) + } + assert.True(t, cfg.TargetAllocConfig == nil) + }) + + t.Run("should update config with targetAllocator block if block not present", func(t *testing.T) { + // Set up the test scenario + param.OtelCol.Spec.TargetAllocator.Enabled = true + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + // Verify the expected changes in the config + promCfgMap, err := adapters.ConfigFromString(actualConfig) + assert.NoError(t, err) + + prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) + + assert.NotContains(t, prometheusConfig, "scrape_configs") + + expectedTAConfig := map[interface{}]interface{}{ + "endpoint": "http://test-target-allocator:80", + "interval": "30s", + "collector_id": "${POD_NAME}", + } + assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) + assert.NoError(t, err) + }) + + t.Run("should update config with targetAllocator block if block already present", func(t *testing.T) { + // Set up the test scenario + httpTAConfigYAML, err := os.ReadFile("testdata/http_sd_config_ta_test.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + paramTa := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(httpTAConfigYAML), + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "test/test-img", + }, + }, + }, + } + require.NoError(t, err) + paramTa.OtelCol.Spec.TargetAllocator.Enabled = true + + actualConfig, err := ReplacePrometheusConfig(paramTa.OtelCol) + assert.NoError(t, err) + + // Verify the expected changes in the config + promCfgMap, err := adapters.ConfigFromString(actualConfig) + assert.NoError(t, err) + + prometheusConfig := promCfgMap["config"].(map[interface{}]interface{}) + + assert.NotContains(t, prometheusConfig, "scrape_configs") + + expectedTAConfig := map[interface{}]interface{}{ + "endpoint": "http://test-target-allocator:80", + "interval": "30s", + "collector_id": "${POD_NAME}", + } + assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) + assert.NoError(t, err) + }) + + t.Run("should not update config with http_sd_config", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = false + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + // prepare + var cfg Config + promCfgMap, err := adapters.ConfigFromString(actualConfig) + assert.NoError(t, err) + + promCfg, err := yaml.Marshal(promCfgMap) + assert.NoError(t, err) + + err = yaml.UnmarshalStrict(promCfg, &cfg) + assert.NoError(t, err) + + // test + expectedMap := map[string]bool{ + "prometheus": false, + "service-x": false, + } + for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { + assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 2) + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "file") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[1].Name(), "static") + expectedMap[scrapeConfig.JobName] = true + } + for k := range expectedMap { + assert.True(t, expectedMap[k], k) + } + assert.True(t, cfg.TargetAllocConfig == nil) + }) + +} + +func TestReplacePrometheusConfig(t *testing.T) { + relabelConfigYAML, err := os.ReadFile("testdata/relabel_config_original.yaml") + if err != nil { + fmt.Printf("Error getting yaml file: %v", err) + } + param := manifests.Params{ + OtelCol: v1alpha1.AmazonCloudWatchAgent{ + TypeMeta: metav1.TypeMeta{ + Kind: "cloudwatch.aws.amazon.com", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "default", + UID: instanceUID, + }, + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Prometheus: string(relabelConfigYAML), + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "test/test-img", + }, + }, + }, + } + assert.NoError(t, err) + + t.Run("should not modify config when TargetAllocator is disabled", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = false + + expectedConfig := `config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + scrape_configs: + - honor_labels: true + job_name: service-x + metric_relabel_configs: + - action: keep + regex: (.*) + separator: ; + source_labels: + - label1 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + metrics_path: /metrics + relabel_configs: + - action: keep + regex: (.*) + source_labels: + - label1 + - action: replace + regex: (.*) + replacement: $1_$2 + separator: ; + source_labels: + - label2 + target_label: label3 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + - action: labeldrop + regex: foo_.* + scheme: http + scrape_interval: 1m + scrape_timeout: 10s +` + + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) + + t.Run("should rewrite scrape configs with SD config when TargetAllocator is enabled and feature flag is not set", func(t *testing.T) { + err := colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), false) + require.NoError(t, err) + t.Cleanup(func() { + _ = colfeaturegate.GlobalRegistry().Set(featuregate.EnableTargetAllocatorRewrite.ID(), true) + }) + + param.OtelCol.Spec.TargetAllocator.Enabled = true + + expectedConfig := `config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + scrape_configs: + - honor_labels: true + http_sd_configs: + - url: http://test-target-allocator:80/jobs/service-x/targets?collector_id=$POD_NAME + job_name: service-x + metric_relabel_configs: + - action: keep + regex: (.*) + separator: ; + source_labels: + - label1 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + metrics_path: /metrics + relabel_configs: + - action: keep + regex: (.*) + source_labels: + - label1 + - action: replace + regex: (.*) + replacement: $1_$2 + separator: ; + source_labels: + - label2 + target_label: label3 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + - action: labeldrop + regex: foo_.* + scheme: http + scrape_interval: 1m + scrape_timeout: 10s +` + + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) + + t.Run("should remove scrape configs if TargetAllocator is enabled and feature flag is set", func(t *testing.T) { + param.OtelCol.Spec.TargetAllocator.Enabled = true + + expectedConfig := `config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s +target_allocator: + collector_id: ${POD_NAME} + endpoint: http://test-target-allocator:80 + interval: 30s +` + + actualConfig, err := ReplacePrometheusConfig(param.OtelCol) + assert.NoError(t, err) + + assert.Equal(t, expectedConfig, actualConfig) + }) +} diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index 6bdca10fb..d4cca1841 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -199,6 +199,10 @@ target_allocator: Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", Prometheus: string(httpTAConfigYAML), + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "test/test-img", + }, }, }, } @@ -244,6 +248,10 @@ target_allocator: Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", Prometheus: string(httpConfigYAML), + TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ + Enabled: true, + Image: "test/test-img", + }, }, }, } diff --git a/internal/manifests/collector/testdata/config_expected_targetallocator.yaml b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml new file mode 100644 index 000000000..b7a78333e --- /dev/null +++ b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml @@ -0,0 +1,9 @@ +config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s +target_allocator: + collector_id: ${POD_NAME} + endpoint: http://test-target-allocator:80 + interval: 30s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml b/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml new file mode 100644 index 000000000..355b59b6d --- /dev/null +++ b/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml @@ -0,0 +1,12 @@ +config: + scrape_configs: + - job_name: prometheus + + static_configs: + - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] + labels: + my: label +target_allocator: + collector_id: ${POD_NAME} + endpoint: http://test-sd-target-allocator:80 + interval: 60s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_test.yaml b/internal/manifests/collector/testdata/http_sd_config_test.yaml new file mode 100644 index 000000000..8b88fbeda --- /dev/null +++ b/internal/manifests/collector/testdata/http_sd_config_test.yaml @@ -0,0 +1,23 @@ +config: + scrape_configs: + - job_name: prometheus + + static_configs: + - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] + labels: + my: label + + file_sd_configs: + - files: + - file1.json + + - job_name: service-x + + static_configs: + - targets: ["prom.domain:1001", "prom.domain:1002", "prom.domain:1003"] + labels: + my: label + + file_sd_configs: + - files: + - file2.json \ No newline at end of file diff --git a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml new file mode 100644 index 000000000..49c8c9284 --- /dev/null +++ b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml @@ -0,0 +1,44 @@ +config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + scrape_configs: + - honor_labels: true + http_sd_configs: + - url: http://test-target-allocator:80/jobs/service-x/targets?collector_id=$POD_NAME + job_name: service-x + metric_relabel_configs: + - action: keep + regex: (.*) + separator: ; + source_labels: + - label1 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + metrics_path: /metrics + relabel_configs: + - action: keep + regex: (.*) + source_labels: + - label1 + - action: replace + regex: (.*) + replacement: $1_$2 + separator: ; + source_labels: + - label2 + target_label: label3 + - action: labelmap + regex: (.*) + separator: ; + source_labels: + - label4 + - action: labeldrop + regex: foo_.* + scheme: http + scrape_interval: 1m + scrape_timeout: 10s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/relabel_config_original.yaml b/internal/manifests/collector/testdata/relabel_config_original.yaml new file mode 100644 index 000000000..dc7a4f6de --- /dev/null +++ b/internal/manifests/collector/testdata/relabel_config_original.yaml @@ -0,0 +1,37 @@ +config: + global: + evaluation_interval: 1m + scrape_interval: 1m + scrape_timeout: 10s + scrape_configs: + - job_name: service-x + metrics_path: /metrics + scheme: http + scrape_interval: 1m + scrape_timeout: 10s + honor_labels: true + relabel_configs: + - source_labels: [label1] + action: keep + regex: (.*) + - target_label: label3 + source_labels: [label2] + action: replace + regex: (.*) + replacement: "$1_$2" + separator: ";" + - source_labels: [label4] + action: labelmap + regex: (.*) + separator: ";" + - regex: foo_.* + action: labeldrop + metric_relabel_configs: + - source_labels: [label1] + action: keep + regex: (.*) + separator: ";" + - regex: (.*) + action: labelmap + separator: ";" + source_labels: [label4] \ No newline at end of file From 85387a146aeb19768f7176427fb9b2bc82bcc0d3 Mon Sep 17 00:00:00 2001 From: Parampreet Singh <50599809+Paramadon@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:39:02 -0400 Subject: [PATCH 49/99] Fixing version.txt version of dotnet and nodejs (#228) --- versions.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/versions.txt b/versions.txt index 65c95256b..a031374ec 100644 --- a/versions.txt +++ b/versions.txt @@ -6,9 +6,9 @@ operator=1.7.0 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 -aws-otel-python-instrumentation=v0.4.0 -aws-otel-dotnet-instrumentation=v1.3.0 -aws-otel-nodejs-instrumentation=v0.1.0 +aws-otel-python-instrumentation=v0.2.0 +aws-otel-dotnet-instrumentation=1.6.0 +aws-otel-nodejs-instrumentation=0.52.1 dcgm-exporter=3.3.7-3.5.0-ubuntu22.04 neuron-monitor=1.0.1 \ No newline at end of file From 25d547c6a09233b935f78bc887b968198d1dfb42 Mon Sep 17 00:00:00 2001 From: Mitali Salvi <44349099+mitali-salvi@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:15:15 -0400 Subject: [PATCH 50/99] Fixing integration tests for EKS add-on with the change to separate Container Insights and AppSignals resources in Windows (#226) --- .../eks/resourceCount_linuxonly_test.go | 4 +-- .../eks/resourceCount_windowslinux_test.go | 4 +-- .../eks/validateResources_test.go | 27 +++++++++++-------- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/integration-tests/eks/resourceCount_linuxonly_test.go b/integration-tests/eks/resourceCount_linuxonly_test.go index 89041dffb..f63ec37eb 100644 --- a/integration-tests/eks/resourceCount_linuxonly_test.go +++ b/integration-tests/eks/resourceCount_linuxonly_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 3 + serviceCountWindows = 6 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 2 + daemonsetCountWindows = 3 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/resourceCount_windowslinux_test.go b/integration-tests/eks/resourceCount_windowslinux_test.go index e7831d491..d7d46a456 100644 --- a/integration-tests/eks/resourceCount_windowslinux_test.go +++ b/integration-tests/eks/resourceCount_windowslinux_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 3 + serviceCountWindows = 6 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 2 + daemonsetCountWindows = 3 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/validateResources_test.go b/integration-tests/eks/validateResources_test.go index 90ca15efe..0d79e2e18 100644 --- a/integration-tests/eks/validateResources_test.go +++ b/integration-tests/eks/validateResources_test.go @@ -26,17 +26,18 @@ import ( ) const ( - nameSpace = "amazon-cloudwatch" - addOnName = "amazon-cloudwatch-observability" - agentName = "cloudwatch-agent" - agentNameWindows = "cloudwatch-agent-windows" - operatorName = addOnName + "-controller-manager" - fluentBitName = "fluent-bit" - fluentBitNameWindows = "fluent-bit-windows" - dcgmExporterName = "dcgm-exporter" - neuronMonitor = "neuron-monitor" - podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" - serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" + nameSpace = "amazon-cloudwatch" + addOnName = "amazon-cloudwatch-observability" + agentName = "cloudwatch-agent" + agentNameWindows = "cloudwatch-agent-windows" + agentNameWindowsContainerInsights = "cloudwatch-agent-windows-container-insights" + operatorName = addOnName + "-controller-manager" + fluentBitName = "fluent-bit" + fluentBitNameWindows = "fluent-bit-windows" + dcgmExporterName = "dcgm-exporter" + neuronMonitor = "neuron-monitor" + podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + agentNameWindowsContainerInsights + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" + serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + agentNameWindowsContainerInsights + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" ) const ( @@ -102,6 +103,9 @@ func TestOperatorOnEKs(t *testing.T) { // - cloudwatch-agent-windows // - cloudwatch-agent-windows-headless // - cloudwatch-agent-windows-monitoring + // - cloudwatch-agent-windows-container-insights + // - cloudwatch-agent-windows-container-insights-headless + // - cloudwatch-agent-windows-container-insights-monitoring // - dcgm-exporter-service // - neuron-monitor-service if match, _ := regexp.MatchString(serviceNameRegex, service.Name); !match { @@ -133,6 +137,7 @@ func TestOperatorOnEKs(t *testing.T) { // matches // - cloudwatch-agent // - cloudwatch-agent-windows + // - cloudwatch-agent-windows-container-insights // - fluent-bit // - fluent-bit-windows // - dcgm-exporter (this can be removed in the future) From af443783ca839d44bbd537cd5853411cf44a73fd Mon Sep 17 00:00:00 2001 From: Musa Date: Mon, 9 Sep 2024 15:15:28 -0400 Subject: [PATCH 51/99] Support configurable resources for NodeJS. (#225) --- .../validate_annotations_deployment_test.go | 2 +- main.go | 6 +-- pkg/instrumentation/defaultinstrumentation.go | 5 ++ .../defaultinstrumentation_test.go | 48 +++++++++++++++++++ 4 files changed, 57 insertions(+), 4 deletions(-) diff --git a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go index 0fdee2662..27697e61d 100644 --- a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go @@ -95,7 +95,7 @@ func TestJavaOnlyDeployment(t *testing.T) { updateTheOperator(t, clientSet, string(jsonStr)) if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation}, false); err != nil { - t.Fatalf("Failed annotation check: %s", err.Error()) + t.Fatalf("Failed annotation check: %s", err.Error()) } } diff --git a/main.go b/main.go index e21f5e704..1205201c5 100644 --- a/main.go +++ b/main.go @@ -143,7 +143,7 @@ func main() { pflag.Parse() // set instrumentation cpu and memory limits in environment variables to be used for default instrumentation; default values received from https://github.com/open-telemetry/opentelemetry-operator/blob/main/apis/v1alpha1/instrumentation_webhook.go - autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} + autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}, "nodejs": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} err := json.Unmarshal([]byte(autoInstrumentationConfigStr), &autoInstrumentationConfig) if err != nil { setupLog.Info(fmt.Sprintf("Using default values: %v", autoInstrumentationConfig)) @@ -157,8 +157,8 @@ func main() { if dotNetVar, ok := autoInstrumentationConfig["dotnet"]; ok { setLangEnvVars("DOTNET", dotNetVar) } - if dotNetVar, ok := autoInstrumentationConfig["nodejs"]; ok { - setLangEnvVars("NODEJS", dotNetVar) + if nodeJSVar, ok := autoInstrumentationConfig["nodejs"]; ok { + setLangEnvVars("NODEJS", nodeJSVar) } // set supported language instrumentation images in environment variable to be used for default instrumentation diff --git a/pkg/instrumentation/defaultinstrumentation.go b/pkg/instrumentation/defaultinstrumentation.go index 2f6fa918c..a16857280 100644 --- a/pkg/instrumentation/defaultinstrumentation.go +++ b/pkg/instrumentation/defaultinstrumentation.go @@ -29,6 +29,7 @@ const ( java = "JAVA" python = "PYTHON" dotNet = "DOTNET" + nodeJS = "NODEJS" limit = "LIMIT" request = "REQUEST" ) @@ -173,6 +174,10 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, }, + Resources: corev1.ResourceRequirements{ + Limits: getInstrumentationConfigForResource(nodeJS, limit), + Requests: getInstrumentationConfigForResource(nodeJS, request), + }, }, }, }, nil diff --git a/pkg/instrumentation/defaultinstrumentation_test.go b/pkg/instrumentation/defaultinstrumentation_test.go index d1611f8dd..bb1d920ff 100644 --- a/pkg/instrumentation/defaultinstrumentation_test.go +++ b/pkg/instrumentation/defaultinstrumentation_test.go @@ -34,6 +34,10 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -143,6 +147,16 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, }, }, } @@ -254,6 +268,16 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, }, }, } @@ -333,6 +357,10 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -442,6 +470,16 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, }, }, } @@ -553,6 +591,16 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, }, }, } From a5c350e15e9ab071829d8dbdff6774167d4dfe4e Mon Sep 17 00:00:00 2001 From: musa-asad Date: Mon, 9 Sep 2024 17:17:41 -0400 Subject: [PATCH 52/99] Use target allocator service account name. --- internal/manifests/targetallocator/serviceaccount.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifests/targetallocator/serviceaccount.go b/internal/manifests/targetallocator/serviceaccount.go index bfd7c909c..ce642b560 100644 --- a/internal/manifests/targetallocator/serviceaccount.go +++ b/internal/manifests/targetallocator/serviceaccount.go @@ -16,7 +16,7 @@ import ( // ServiceAccountName returns the name of the existing or self-provisioned service account to use for the given instance. func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { if len(instance.Spec.TargetAllocator.ServiceAccount) == 0 { - return naming.ServiceAccount(instance.Name) + return naming.TargetAllocatorServiceAccount(instance.Name) } return instance.Spec.TargetAllocator.ServiceAccount From cbf802f6f812f6f218b0a265f1841c8730b2dfb6 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Mon, 9 Sep 2024 17:59:09 -0400 Subject: [PATCH 53/99] Give a set name for the target allocator service account. --- .../manifests/targetallocator/serviceaccount.go | 13 ++++++------- .../targetallocator/serviceaccount_test.go | 2 +- internal/naming/main.go | 5 ----- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/internal/manifests/targetallocator/serviceaccount.go b/internal/manifests/targetallocator/serviceaccount.go index ce642b560..ddb6f9923 100644 --- a/internal/manifests/targetallocator/serviceaccount.go +++ b/internal/manifests/targetallocator/serviceaccount.go @@ -7,16 +7,16 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" ) +const targetAllocatorAcctName = "target-allocator-service-acct" + // ServiceAccountName returns the name of the existing or self-provisioned service account to use for the given instance. func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { if len(instance.Spec.TargetAllocator.ServiceAccount) == 0 { - return naming.TargetAllocatorServiceAccount(instance.Name) + return targetAllocatorAcctName } return instance.Spec.TargetAllocator.ServiceAccount @@ -24,12 +24,11 @@ func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { // ServiceAccount returns the service account for the given instance. func ServiceAccount(params manifests.Params) *corev1.ServiceAccount { - name := naming.TargetAllocatorServiceAccount(params.OtelCol.Name) - labels := Labels(params.OtelCol, name) + labels := Labels(params.OtelCol, targetAllocatorAcctName) return &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ - Name: name, + Name: targetAllocatorAcctName, Namespace: params.OtelCol.Namespace, Labels: labels, Annotations: params.OtelCol.Annotations, diff --git a/internal/manifests/targetallocator/serviceaccount_test.go b/internal/manifests/targetallocator/serviceaccount_test.go index 0f350d4b2..7f4614e18 100644 --- a/internal/manifests/targetallocator/serviceaccount_test.go +++ b/internal/manifests/targetallocator/serviceaccount_test.go @@ -24,7 +24,7 @@ func TestServiceAccountNewDefault(t *testing.T) { sa := ServiceAccountName(otelcol) // verify - assert.Equal(t, "my-instance", sa) + assert.Equal(t, "target-allocator-service-acct", sa) } func TestServiceAccountOverride(t *testing.T) { diff --git a/internal/naming/main.go b/internal/naming/main.go index c198fb2d7..f181c8797 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -123,8 +123,3 @@ func ServiceMonitor(otelcol string) string { func PodMonitor(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) } - -// TargetAllocatorServiceAccount returns the TargetAllocator service account resource name. -func TargetAllocatorServiceAccount(otelcol string) string { - return DNSName(Truncate("%s-target-allocator", 63, otelcol)) -} From 8b9af0a07d2a0263542adb19ffc30a0c6786401f Mon Sep 17 00:00:00 2001 From: musa-asad Date: Mon, 9 Sep 2024 18:09:23 -0400 Subject: [PATCH 54/99] Fixed naming. --- internal/manifests/targetallocator/serviceaccount.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/manifests/targetallocator/serviceaccount.go b/internal/manifests/targetallocator/serviceaccount.go index ddb6f9923..9a7f19bb2 100644 --- a/internal/manifests/targetallocator/serviceaccount.go +++ b/internal/manifests/targetallocator/serviceaccount.go @@ -11,12 +11,12 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" ) -const targetAllocatorAcctName = "target-allocator-service-acct" +const targetAllocatorServiceAcctName = "target-allocator-service-acct" // ServiceAccountName returns the name of the existing or self-provisioned service account to use for the given instance. func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { if len(instance.Spec.TargetAllocator.ServiceAccount) == 0 { - return targetAllocatorAcctName + return targetAllocatorServiceAcctName } return instance.Spec.TargetAllocator.ServiceAccount @@ -24,11 +24,11 @@ func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { // ServiceAccount returns the service account for the given instance. func ServiceAccount(params manifests.Params) *corev1.ServiceAccount { - labels := Labels(params.OtelCol, targetAllocatorAcctName) + labels := Labels(params.OtelCol, targetAllocatorServiceAcctName) return &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ - Name: targetAllocatorAcctName, + Name: targetAllocatorServiceAcctName, Namespace: params.OtelCol.Namespace, Labels: labels, Annotations: params.OtelCol.Annotations, From e79ca42a6fcc6411f6bef8c25bed8bc058ed4566 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 10 Sep 2024 12:22:10 -0400 Subject: [PATCH 55/99] Updated featuregate description. --- pkg/featuregate/featuregate.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/featuregate/featuregate.go b/pkg/featuregate/featuregate.go index 8c438d598..6ae36fc37 100644 --- a/pkg/featuregate/featuregate.go +++ b/pkg/featuregate/featuregate.go @@ -63,12 +63,12 @@ var ( featuregate.WithRegisterFromVersion("0.86.0"), featuregate.WithRegisterDescription("controls whether the operator supports multi instrumentation")) - // EnableTargetAllocatorRewrite is the feature gate that controls whether the collector's configuration should + // EnableTargetAllocatorRewrite is the feature gate that controls whether the prometheus configuration should // automatically be rewritten when the target allocator is enabled. EnableTargetAllocatorRewrite = featuregate.GlobalRegistry().MustRegister( "operator.collector.rewritetargetallocator", featuregate.StageBeta, - featuregate.WithRegisterDescription("controls whether the operator should configure the collector's targetAllocator configuration"), + featuregate.WithRegisterDescription("controls whether the operator should configure the prometheus targetAllocator configuration"), featuregate.WithRegisterFromVersion("v0.76.1"), ) From 3e190b373a560ac2cb198af4967626d25d431c15 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 10 Sep 2024 15:47:15 -0400 Subject: [PATCH 56/99] Fixed labels, comments, and naming conventions. --- .../manifests/collector/config_replace.go | 4 +-- internal/manifests/collector/configmap.go | 2 +- .../manifests/collector/configmap_test.go | 11 -------- internal/manifests/manifestutils/labels.go | 26 ++++++++++--------- .../adapters/config_to_prom_config.go | 14 +++++----- .../adapters/config_to_prom_config_test.go | 4 +-- .../manifests/targetallocator/configmap.go | 4 +-- main.go | 2 +- 8 files changed, 29 insertions(+), 38 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 8b19942ae..0289cad4e 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -50,12 +50,12 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { // Check if TargetAllocator is enabled, if not, return the original config if !instance.Spec.TargetAllocator.Enabled { - prometheusReceiverConfig, err := ta.GetPromConfig(instance.Spec.Prometheus) + prometheusConfig, err := ta.GetPromConfig(instance.Spec.Prometheus) if err != nil { return "", err } - prometheusConfigYAML, err := yaml.Marshal(prometheusReceiverConfig) + prometheusConfigYAML, err := yaml.Marshal(prometheusConfig) if err != nil { return "", err } diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index a1b5c60ee..6974ba7e4 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -37,7 +37,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { name := naming.PrometheusConfigMap(params.OtelCol.Name) - labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) + labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, "", ComponentAmazonCloudWatchAgent, []string{}) replacedPrometheusConf, err := ReplacePrometheusConfig(params.OtelCol) if err != nil { diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index d4cca1841..1be39dcc7 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -53,7 +53,6 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", "app.kubernetes.io/instance": "default.test", "app.kubernetes.io/part-of": "amazon-cloudwatch-agent", - "app.kubernetes.io/version": "0.47.0", } configYAML, err := os.ReadFile("testdata/prometheus_test.yaml") @@ -74,7 +73,6 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { t.Run("should return expected prometheus config map", func(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" - expectedLabels["app.kubernetes.io/version"] = "0.0.0" expectedData := map[string]string{ "prometheus.yaml": `config: @@ -168,7 +166,6 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" - expectedLabels["app.kubernetes.io/version"] = "0.0.0" expectedData := map[string]string{ "prometheus.yaml": `config: @@ -215,15 +212,11 @@ target_allocator: assert.Equal(t, expectedLabels, actual.Labels) assert.Equal(t, expectedData, actual.Data) - // Reset the value - expectedLabels["app.kubernetes.io/version"] = "0.47.0" - }) t.Run("should return expected escaped prometheus config map with target_allocator config block", func(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" - expectedLabels["app.kubernetes.io/version"] = "0.0.0" expectedData := map[string]string{ "prometheus.yaml": `config: {} @@ -264,9 +257,5 @@ target_allocator: assert.Equal(t, expectedLabels, actual.Labels) assert.Equal(t, expectedData, actual.Data) - // Reset the value - expectedLabels["app.kubernetes.io/version"] = "0.47.0" - assert.NoError(t, err) - }) } diff --git a/internal/manifests/manifestutils/labels.go b/internal/manifests/manifestutils/labels.go index 68fdf1fe6..e44bf148f 100644 --- a/internal/manifests/manifestutils/labels.go +++ b/internal/manifests/manifestutils/labels.go @@ -37,19 +37,21 @@ func Labels(instance metav1.ObjectMeta, name string, image string, component str base[k] = v } - version := strings.Split(image, ":") - for _, v := range version { - if strings.HasSuffix(v, "@sha256") { - versionLabel = strings.TrimSuffix(v, "@sha256") + if len(image) > 0 { + version := strings.Split(image, ":") + for _, v := range version { + if strings.HasSuffix(v, "@sha256") { + versionLabel = strings.TrimSuffix(v, "@sha256") + } + } + switch lenVersion := len(version); lenVersion { + case 3: + base["app.kubernetes.io/version"] = versionLabel + case 2: + base["app.kubernetes.io/version"] = naming.Truncate("%s", 63, version[len(version)-1]) + default: + base["app.kubernetes.io/version"] = "latest" } - } - switch lenVersion := len(version); lenVersion { - case 3: - base["app.kubernetes.io/version"] = versionLabel - case 2: - base["app.kubernetes.io/version"] = naming.Truncate("%s", 63, version[len(version)-1]) - default: - base["app.kubernetes.io/version"] = "latest" } // Don't override the app name if it already exists diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index fea17f76d..a06d38139 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -36,9 +36,9 @@ func errorNotAStringAtIndex(component string, index int) error { return fmt.Errorf("index %d: %s property in the configuration doesn't contain a valid string: %s", index, component, component) } -// getScrapeConfigsFromPromConfig extracts the scrapeConfig array from prometheus receiver config. -func getScrapeConfigsFromPromConfig(promReceiverConfig map[interface{}]interface{}) ([]interface{}, error) { - prometheusConfigProperty, ok := promReceiverConfig["config"] +// getScrapeConfigsFromPromConfig extracts the scrapeConfig array from prometheus config. +func getScrapeConfigsFromPromConfig(promConfig map[interface{}]interface{}) ([]interface{}, error) { + prometheusConfigProperty, ok := promConfig["config"] if !ok { return nil, errorNoComponent("prometheusConfig") } @@ -236,7 +236,7 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa return prometheus, nil } -// ValidatePromConfig checks if the prometheus receiver config is valid given other collector-level settings. +// ValidatePromConfig checks if the prometheus config is valid given other collector-level settings. func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabled bool, targetAllocatorRewriteEnabled bool) error { _, promConfigExists := config["config"] @@ -263,15 +263,15 @@ func ValidatePromConfig(config map[interface{}]interface{}, targetAllocatorEnabl // ValidateTargetAllocatorConfig checks if the Target Allocator config is valid // In order for Target Allocator to do anything useful, at least one of the following has to be true: -// - at least one scrape config has to be defined in Prometheus receiver configuration +// - at least one scrape config has to be defined in Prometheus configuration // - PrometheusCR has to be enabled in target allocator settings -func ValidateTargetAllocatorConfig(targetAllocatorPrometheusCR bool, promReceiverConfig map[interface{}]interface{}) error { +func ValidateTargetAllocatorConfig(targetAllocatorPrometheusCR bool, promConfig map[interface{}]interface{}) error { if targetAllocatorPrometheusCR { return nil } // if PrometheusCR isn't enabled, we need at least one scrape config - scrapeConfigs, err := getScrapeConfigsFromPromConfig(promReceiverConfig) + scrapeConfigs, err := getScrapeConfigsFromPromConfig(promConfig) if err != nil { return err } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 96f213453..80c24ff86 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -366,13 +366,13 @@ func TestValidateTargetAllocatorConfig(t *testing.T) { expectedError: nil, }, { - description: "receiver config empty and PrometheusCR enabled", + description: "config empty and PrometheusCR enabled", config: map[interface{}]interface{}{}, targetAllocatorPrometheusCR: true, expectedError: nil, }, { - description: "receiver config empty and PrometheusCR disabled", + description: "config empty and PrometheusCR disabled", config: map[interface{}]interface{}{}, targetAllocatorPrometheusCR: false, expectedError: fmt.Errorf("no %s available as part of the configuration", "prometheusConfig"), diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 998b34693..aceb712c2 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -32,7 +32,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { labels["app.kubernetes.io/version"] = "latest" } - prometheusReceiverConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) + prometheusConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) if err != nil { return &corev1.ConfigMap{}, err } @@ -41,7 +41,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { prometheusCRConfig := make(map[interface{}]interface{}) taConfig["label_selector"] = manifestutils.SelectorLabels(params.OtelCol.ObjectMeta, collector.ComponentAmazonCloudWatchAgent) // We only take the "config" from the returned object, if it's present - if prometheusConfig, ok := prometheusReceiverConfig["config"]; ok { + if prometheusConfig, ok := prometheusConfig["config"]; ok { taConfig["config"] = prometheusConfig } diff --git a/main.go b/main.go index b64043e32..9c6bd260b 100644 --- a/main.go +++ b/main.go @@ -139,7 +139,7 @@ func main() { pflag.StringVar(&autoInstrumentationConfigStr, "auto-instrumentation-config", "", "The configuration for auto-instrumentation.") stringFlagOrEnv(&dcgmExporterImage, "dcgm-exporter-image", "RELATED_IMAGE_DCGM_EXPORTER", fmt.Sprintf("%s:%s", dcgmExporterImageRepository, v.DcgmExporter), "The default DCGM Exporter image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&neuronMonitorImage, "neuron-monitor-image", "RELATED_IMAGE_NEURON_MONITOR", fmt.Sprintf("%s:%s", neuronMonitorImageRepository, v.NeuronMonitor), "The default Neuron monitor image. This image is used when no image is specified in the CustomResource.") - stringFlagOrEnv(&targetAllocatorImage, "target-allocator-image", "RELATED_IMAGE_TARGET_ALLOCATOR", fmt.Sprintf("%s:%s", targetAllocatorImageRepository, v.TargetAllocator), "The default OpenTelemetry target allocator image. This image is used when no image is specified in the CustomResource.") + stringFlagOrEnv(&targetAllocatorImage, "target-allocator-image", "RELATED_IMAGE_TARGET_ALLOCATOR", fmt.Sprintf("%s:%s", targetAllocatorImageRepository, v.TargetAllocator), "The default AmazonCloudWatchAgent target allocator image. This image is used when no image is specified in the CustomResource.") pflag.Parse() // set instrumentation cpu and memory limits in environment variables to be used for default instrumentation; default values received from https://github.com/open-telemetry/opentelemetry-operator/blob/main/apis/v1alpha1/instrumentation_webhook.go From f51816b24120605fea3ea126a0f72004c18cd20b Mon Sep 17 00:00:00 2001 From: Lisa Guo Date: Wed, 11 Sep 2024 17:31:05 -0400 Subject: [PATCH 57/99] Change test failure to echo a warning when checking k8s version dependencies (#203) --- .github/workflows/eks-add-on-integ-test.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/eks-add-on-integ-test.yml b/.github/workflows/eks-add-on-integ-test.yml index f959b882b..d16388c77 100644 --- a/.github/workflows/eks-add-on-integ-test.yml +++ b/.github/workflows/eks-add-on-integ-test.yml @@ -83,18 +83,17 @@ jobs: - name: Confirm EKS Version Support run: | - if [[ + if [[ $(go list -m k8s.io/client-go | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/apimachinery | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/component-base | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/kubectl | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) - ]]; then + ]]; then echo k8s.io/client-go $(go list -m k8s.io/client-go) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/apimachinery $(go list -m k8s.io/apimachinery) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/component-base $(go list -m k8s.io/component-base) is less than ${{ matrix.arrays.k8sVersion }} - echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }}, fail test - echo "please run go get -u && go mod tidy" - exit 1; + echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }} + echo "[WARNING] Kubernetes dependencies are lower than the latest Kubernetes cluster version. Please check changelog to ensure no breaking changes: https://kubernetes.io/releases/" fi - name: Verify Terraform version From 194b0b8abfd8fe662cc5ebc5538802f615722312 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 12 Sep 2024 15:01:49 -0400 Subject: [PATCH 58/99] Re-introduce double dollar env substitution logic. --- internal/manifests/collector/config_replace.go | 6 +++++- .../manifests/collector/config_replace_test.go | 2 +- .../relabel_config_expected_with_sd_config.yaml | 2 +- .../testdata/relabel_config_original.yaml | 2 +- .../adapters/config_to_prom_config.go | 14 ++++++++++---- .../adapters/config_to_prom_config_test.go | 10 +++++----- internal/manifests/targetallocator/configmap.go | 2 +- 7 files changed, 24 insertions(+), 14 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 0289cad4e..b7f892385 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -50,7 +50,7 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { // Check if TargetAllocator is enabled, if not, return the original config if !instance.Spec.TargetAllocator.Enabled { - prometheusConfig, err := ta.GetPromConfig(instance.Spec.Prometheus) + prometheusConfig, err := ta.UnescapeDollarSignsInPromConfig(instance.Spec.Prometheus) if err != nil { return "", err } @@ -74,6 +74,8 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if getCfgPromErr != nil { return "", getCfgPromErr @@ -87,6 +89,8 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } + // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters + // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if err != nil { return "", err diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index 3f240cb65..445b7c591 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -315,7 +315,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $1_$2 + replacement: $$1_$$2 separator: ; source_labels: - label2 diff --git a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml index 49c8c9284..dc03a5073 100644 --- a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml +++ b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml @@ -27,7 +27,7 @@ config: - label1 - action: replace regex: (.*) - replacement: $1_$2 + replacement: $$1_$$2 separator: ; source_labels: - label2 diff --git a/internal/manifests/collector/testdata/relabel_config_original.yaml b/internal/manifests/collector/testdata/relabel_config_original.yaml index dc7a4f6de..6a07a7da5 100644 --- a/internal/manifests/collector/testdata/relabel_config_original.yaml +++ b/internal/manifests/collector/testdata/relabel_config_original.yaml @@ -18,7 +18,7 @@ config: source_labels: [label2] action: replace regex: (.*) - replacement: "$1_$2" + replacement: "$$1_$$2" separator: ";" - source_labels: [label4] action: labelmap diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index a06d38139..c6ad00a5d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -8,6 +8,7 @@ import ( "fmt" "net/url" "regexp" + "strings" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) @@ -61,8 +62,9 @@ func getScrapeConfigsFromPromConfig(promConfig map[interface{}]interface{}) ([]i return scrapeConfigs, nil } -// GetPromConfig returns a Prometheus configuration file. -func GetPromConfig(cfg string) (map[interface{}]interface{}, error) { +// UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of +// both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. +func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { prometheus, err := adapters.ConfigFromString(cfg) if err != nil { return nil, err @@ -100,10 +102,12 @@ func GetPromConfig(cfg string) (map[interface{}]interface{}, error) { continue } - _, rcErr = replacementProperty.(string) + replacement, rcErr := replacementProperty.(string) if !rcErr { return nil, errorNotAStringAtIndex("replacement", i) } + + relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } metricRelabelConfigsProperty, ok := scrapeConfig["metric_relabel_configs"] @@ -127,10 +131,12 @@ func GetPromConfig(cfg string) (map[interface{}]interface{}, error) { continue } - _, ok = replacementProperty.(string) + replacement, ok := replacementProperty.(string) if !ok { return nil, errorNotAStringAtIndex("replacement", i) } + + relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 80c24ff86..fc6fe7d3d 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -70,7 +70,7 @@ target_allocator: assert.Equal(t, expectedData, promConfig) } -func TestGetPromConfig(t *testing.T) { +func TestUnescapeDollarSignsInPromConfig(t *testing.T) { actual := ` config: scrape_configs: @@ -78,14 +78,14 @@ config: relabel_configs: - source_labels: ['__meta_service_id'] target_label: 'job' - replacement: 'my_service_$1' + replacement: 'my_service_$$1' - source_labels: ['__meta_service_name'] target_label: 'instance' replacement: '$1' metric_relabel_configs: - source_labels: ['job'] target_label: 'job' - replacement: '$1_$2' + replacement: '$$1_$2' ` expected := ` config: @@ -104,12 +104,12 @@ config: replacement: '$1_$2' ` - config, err := ta.GetPromConfig(actual) + config, err := ta.UnescapeDollarSignsInPromConfig(actual) if err != nil { t.Errorf("unexpected error: %v", err) } - expectedConfig, err := ta.GetPromConfig(expected) + expectedConfig, err := ta.UnescapeDollarSignsInPromConfig(expected) if err != nil { t.Errorf("unexpected error: %v", err) } diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index aceb712c2..d566645f6 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -32,7 +32,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { labels["app.kubernetes.io/version"] = "latest" } - prometheusConfig, err := adapters.GetPromConfig(params.OtelCol.Spec.Prometheus) + prometheusConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.Prometheus) if err != nil { return &corev1.ConfigMap{}, err } From 12fcab96c866aabd6087ece4ed8c99d9d943d83d Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 13 Sep 2024 00:55:41 -0400 Subject: [PATCH 59/99] Migrated prometheus type from string to PrometheusConfig struct. --- apis/v1alpha1/amazoncloudwatchagent_types.go | 2 +- apis/v1alpha1/collector_webhook.go | 7 +- apis/v1alpha1/collector_webhook_test.go | 19 +++-- apis/v1alpha1/prometheus_config.go | 74 +++++++++++++++++++ apis/v1alpha1/zz_generated.deepcopy.go | 24 ++++++ ...aws.amazon.com_amazoncloudwatchagents.yaml | 23 +++++- docs/api.md | 66 ++++++++++++++++- internal/manifests/collector/collector.go | 2 +- .../manifests/collector/config_replace.go | 10 ++- .../collector/config_replace_test.go | 21 +++++- .../manifests/collector/configmap_test.go | 25 ++++++- internal/manifests/collector/container.go | 2 +- internal/manifests/collector/volume.go | 2 +- internal/manifests/collector/volume_test.go | 3 +- .../manifests/targetallocator/configmap.go | 8 +- .../targetallocator/deployment_test.go | 9 ++- 16 files changed, 272 insertions(+), 25 deletions(-) create mode 100644 apis/v1alpha1/prometheus_config.go diff --git a/apis/v1alpha1/amazoncloudwatchagent_types.go b/apis/v1alpha1/amazoncloudwatchagent_types.go index ee4289ac2..d60f0a3c7 100644 --- a/apis/v1alpha1/amazoncloudwatchagent_types.go +++ b/apis/v1alpha1/amazoncloudwatchagent_types.go @@ -169,7 +169,7 @@ type AmazonCloudWatchAgentSpec struct { ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` // Prometheus is the raw YAML to be used as the collector's prometheus configuration. // +optional - Prometheus string `json:"prometheus,omitempty"` + Prometheus PrometheusConfig `json:"prometheus,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index a8f3b1291..5ba011235 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -178,7 +178,12 @@ func (c CollectorWebhook) validate(r *AmazonCloudWatchAgent) (admission.Warnings // validate Prometheus config for target allocation if r.Spec.TargetAllocator.Enabled { - promCfg, err := adapters.ConfigFromString(r.Spec.Prometheus) + promConfigYaml, err := r.Spec.Prometheus.Yaml() + if err != nil { + return warnings, fmt.Errorf("%s could not convert json to yaml", err) + } + + promCfg, err := adapters.ConfigFromString(promConfigYaml) if err != nil { return warnings, fmt.Errorf("the OpenTelemetry Spec Prometheus configuration is incorrect, %w", err) } diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index 21f7879d1..bf50160c2 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -9,6 +9,9 @@ import ( "os" "testing" + "github.com/stretchr/testify/require" + "gopkg.in/yaml.v2" + "github.com/go-logr/logr" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" @@ -284,6 +287,12 @@ func TestOTELColDefaultingWebhook(t *testing.T) { } } +var promCfgYaml = `config: + scrape_configs: + - job_name: otel-collector + scrape_interval: 10s +` + // TODO: a lot of these tests use .Spec.MaxReplicas and .Spec.MinReplicas. These fields are // deprecated and moved to .Spec.Autoscaler. Fine to use these fields to test that old CRD is // still supported but should eventually be updated. @@ -295,6 +304,10 @@ func TestOTELColValidatingWebhook(t *testing.T) { three := int32(3) five := int32(5) + promCfg := PrometheusConfig{} + err := yaml.Unmarshal([]byte(promCfgYaml), &promCfg) + require.NoError(t, err) + tests := []struct { //nolint:govet name string otelcol AmazonCloudWatchAgent @@ -317,11 +330,7 @@ func TestOTELColValidatingWebhook(t *testing.T) { TargetAllocator: AmazonCloudWatchAgentTargetAllocator{ Enabled: true, }, - Prometheus: `config: - scrape_configs: - - job_name: otel-collector - scrape_interval: 10s -`, + Prometheus: promCfg, Ports: []v1.ServicePort{ { Name: "port1", diff --git a/apis/v1alpha1/prometheus_config.go b/apis/v1alpha1/prometheus_config.go new file mode 100644 index 000000000..c74d047c5 --- /dev/null +++ b/apis/v1alpha1/prometheus_config.go @@ -0,0 +1,74 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "bytes" + + "gopkg.in/yaml.v3" +) + +// AnyConfig represent parts of the config. +type AnyConfig struct { + Object map[string]interface{} `json:"-" yaml:",inline"` +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AnyConfig) DeepCopyInto(out *AnyConfig) { + *out = *in + if in.Object != nil { + in, out := &in.Object, &out.Object + *out = make(map[string]interface{}, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnyConfig. +func (in *AnyConfig) DeepCopy() *AnyConfig { + if in == nil { + return nil + } + out := new(AnyConfig) + in.DeepCopyInto(out) + return out +} + +// PrometheusConfig encapsulates prometheus config. +type PrometheusConfig struct { + // +kubebuilder:pruning:PreserveUnknownFields + Config *AnyConfig `json:"config,omitempty" yaml:"config,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + TrimMetricSuffixes bool `json:"trim_metric_suffixes,omitempty" yaml:"trim_metric_suffixes,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + UseStartTimeMetric bool `json:"use_start_time_metric,omitempty" yaml:"use_start_time_metric,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + StartTimeMetricRegex string `json:"start_time_metric_regex,omitempty" yaml:"start_time_metric_regex,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + ReportExtraScrapeMetrics bool `json:"report_extra_scrape_metrics,omitempty" yaml:"report_extra_scrape_metrics,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + TargetAllocator *AnyConfig `json:"target_allocator,omitempty" yaml:"target_allocator,omitempty"` +} + +// Yaml encodes the current object and returns it as a string. +func (pc *PrometheusConfig) Yaml() (string, error) { + var buf bytes.Buffer + yamlEncoder := yaml.NewEncoder(&buf) + yamlEncoder.SetIndent(2) + if err := yamlEncoder.Encode(&pc); err != nil { + return "", err + } + return buf.String(), nil +} + +// IsEmpty checks if the prometheus config is empty. +func (pc *PrometheusConfig) IsEmpty() bool { + return pc.Config == nil && + !pc.TrimMetricSuffixes && + !pc.UseStartTimeMetric && + pc.StartTimeMetricRegex == "" && + !pc.ReportExtraScrapeMetrics && + pc.TargetAllocator == nil +} diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index c43116dd8..4d7355472 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -135,6 +135,7 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec } } in.TargetAllocator.DeepCopyInto(&out.TargetAllocator) + in.Prometheus.DeepCopyInto(&out.Prometheus) if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]corev1.VolumeMount, len(*in)) @@ -1211,6 +1212,29 @@ func (in *Probe) DeepCopy() *Probe { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.Config != nil { + in, out := &in.Config, &out.Config + *out = (*in).DeepCopy() + } + if in.TargetAllocator != nil { + in, out := &in.TargetAllocator, &out.TargetAllocator + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. +func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { + if in == nil { + return nil + } + out := new(PrometheusConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Python) DeepCopyInto(out *Python) { *out = *in diff --git a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml index 5d6f705be..42a1be006 100644 --- a/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml +++ b/config/crd/bases/cloudwatch.aws.amazon.com_amazoncloudwatchagents.yaml @@ -4803,7 +4803,28 @@ spec: prometheus: description: Prometheus is the raw YAML to be used as the collector's prometheus configuration. - type: string + properties: + config: + description: AnyConfig represent parts of the config. + type: object + x-kubernetes-preserve-unknown-fields: true + report_extra_scrape_metrics: + type: boolean + x-kubernetes-preserve-unknown-fields: true + start_time_metric_regex: + type: string + x-kubernetes-preserve-unknown-fields: true + target_allocator: + description: AnyConfig represent parts of the config. + type: object + x-kubernetes-preserve-unknown-fields: true + trim_metric_suffixes: + type: boolean + x-kubernetes-preserve-unknown-fields: true + use_start_time_metric: + type: boolean + x-kubernetes-preserve-unknown-fields: true + type: object replicas: description: Replicas is the number of pod instances for the underlying OpenTelemetry Collector. Set this if your are not using autoscaling diff --git a/docs/api.md b/docs/api.md index 3c3473031..843d93acf 100644 --- a/docs/api.md +++ b/docs/api.md @@ -321,8 +321,8 @@ default.
 - - + + @@ -9967,6 +9967,68 @@ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defi
false
prometheusConfigprometheus string - PrometheusConfig is the raw YAML to be used as the collector's prometheus configuration.
+ Prometheus is the raw YAML to be used as the collector's prometheus configuration.
 false
false
prometheusstringprometheusobject Prometheus is the raw YAML to be used as the collector's prometheus configuration.
+### AmazonCloudWatchAgent.spec.prometheus +[↩ Parent](#amazoncloudwatchagentspec) + + + +Prometheus is the raw YAML to be used as the collector's prometheus configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configobject + AnyConfig represent parts of the config.
+ 		false
report_extra_scrape_metricsboolean +
+ 		false
start_time_metric_regexstring +
+ 		false
target_allocatorobject + AnyConfig represent parts of the config.
+ 		false
trim_metric_suffixesboolean +
+ 		false
use_start_time_metricboolean +
+ 		false
+ + ### AmazonCloudWatchAgent.spec.resources [↩ Parent](#amazoncloudwatchagentspec) diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index bbe5e3e75..6fe891957 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go @@ -47,7 +47,7 @@ func Build(params manifests.Params) ([]client.Object, error) { manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor)) } } - if len(params.OtelCol.Spec.Prometheus) > 0 { + if !params.OtelCol.Spec.Prometheus.IsEmpty() { manifestFactories = append(manifestFactories, manifests.Factory(PrometheusConfigMap)) } for _, factory := range manifestFactories { diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index b7f892385..128368834 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -5,6 +5,7 @@ package collector import ( "encoding/json" + "fmt" "time" ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" @@ -48,9 +49,14 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { } func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { + promConfigYaml, err := instance.Spec.Prometheus.Yaml() + if err != nil { + return "", fmt.Errorf("%s could not convert json to yaml", err) + } + // Check if TargetAllocator is enabled, if not, return the original config if !instance.Spec.TargetAllocator.Enabled { - prometheusConfig, err := ta.UnescapeDollarSignsInPromConfig(instance.Spec.Prometheus) + prometheusConfig, err := ta.UnescapeDollarSignsInPromConfig(promConfigYaml) if err != nil { return "", err } @@ -63,7 +69,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(prometheusConfigYAML), nil } - promCfgMap, getCfgPromErr := adapters.ConfigFromString(instance.Spec.Prometheus) + promCfgMap, getCfgPromErr := adapters.ConfigFromString(promConfigYaml) if getCfgPromErr != nil { return "", getCfgPromErr } diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index 445b7c591..11954ca58 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -28,6 +28,11 @@ func TestPrometheusParser(t *testing.T) { if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + promCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(httpConfigYAML, &promCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } param := manifests.Params{ OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ @@ -41,7 +46,7 @@ func TestPrometheusParser(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(httpConfigYAML), + Prometheus: promCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, Image: "test/test-img", @@ -117,6 +122,11 @@ func TestPrometheusParser(t *testing.T) { if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + promCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(httpTAConfigYAML, &promCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } paramTa := manifests.Params{ OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ @@ -130,7 +140,7 @@ func TestPrometheusParser(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(httpTAConfigYAML), + Prometheus: promCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, Image: "test/test-img", @@ -201,6 +211,11 @@ func TestReplacePrometheusConfig(t *testing.T) { if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + promCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(relabelConfigYAML, &promCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } param := manifests.Params{ OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ @@ -214,7 +229,7 @@ func TestReplacePrometheusConfig(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(relabelConfigYAML), + Prometheus: promCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, Image: "test/test-img", diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index 1be39dcc7..81c17ee4d 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -8,6 +8,8 @@ import ( "os" "testing" + "gopkg.in/yaml.v3" + colfeaturegate "go.opentelemetry.io/collector/featuregate" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" @@ -59,16 +61,31 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + promCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(configYAML, &promCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } httpConfigYAML, err := os.ReadFile("testdata/http_sd_config_servicemonitor_test.yaml") if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + httpPromCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(httpConfigYAML, &httpPromCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } httpTAConfigYAML, err := os.ReadFile("testdata/http_sd_config_servicemonitor_test_ta_set.yaml") if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + httpTAPromCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(httpTAConfigYAML, &httpTAPromCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } t.Run("should return expected prometheus config map", func(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" @@ -98,7 +115,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(configYAML), + Prometheus: promCfg, }, }, } @@ -143,7 +160,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(configYAML), + Prometheus: promCfg, }, }, } @@ -195,7 +212,7 @@ target_allocator: }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(httpTAConfigYAML), + Prometheus: httpTAPromCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, Image: "test/test-img", @@ -240,7 +257,7 @@ target_allocator: }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", - Prometheus: string(httpConfigYAML), + Prometheus: httpPromCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, Image: "test/test-img", diff --git a/internal/manifests/collector/container.go b/internal/manifests/collector/container.go index ebee5cdad..e9a970053 100644 --- a/internal/manifests/collector/container.go +++ b/internal/manifests/collector/container.go @@ -46,7 +46,7 @@ func Container(cfg config.Config, logger logr.Logger, agent v1alpha1.AmazonCloud if addConfig { volumeMounts = append(volumeMounts, getVolumeMounts(agent.Spec.NodeSelector["kubernetes.io/os"])) - if len(agent.Spec.Prometheus) > 0 { + if !agent.Spec.Prometheus.IsEmpty() { volumeMounts = append(volumeMounts, getPrometheusVolumeMounts(agent.Spec.NodeSelector["kubernetes.io/os"])) } } diff --git a/internal/manifests/collector/volume.go b/internal/manifests/collector/volume.go index fbc05574f..bfcc5e7b8 100644 --- a/internal/manifests/collector/volume.go +++ b/internal/manifests/collector/volume.go @@ -27,7 +27,7 @@ func Volumes(cfg config.Config, otelcol v1alpha1.AmazonCloudWatchAgent) []corev1 }, }} - if len(otelcol.Spec.Prometheus) > 0 { + if !otelcol.Spec.Prometheus.IsEmpty() { volumes = append(volumes, corev1.Volume{ Name: naming.PrometheusConfigMapVolume(), VolumeSource: corev1.VolumeSource{ diff --git a/internal/manifests/collector/volume_test.go b/internal/manifests/collector/volume_test.go index 0e94b620b..be6899865 100644 --- a/internal/manifests/collector/volume_test.go +++ b/internal/manifests/collector/volume_test.go @@ -81,9 +81,10 @@ func TestVolumePrometheus(t *testing.T) { // prepare otelcol := v1alpha1.AmazonCloudWatchAgent{ Spec: v1alpha1.AmazonCloudWatchAgentSpec{ - Prometheus: "test", + Prometheus: v1alpha1.PrometheusConfig{Config: &v1alpha1.AnyConfig{}}, }, } + cfg := config.New() // test diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index d566645f6..4587cd339 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -4,6 +4,7 @@ package targetallocator import ( + "fmt" "strings" "gopkg.in/yaml.v2" @@ -32,7 +33,12 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { labels["app.kubernetes.io/version"] = "latest" } - prometheusConfig, err := adapters.UnescapeDollarSignsInPromConfig(params.OtelCol.Spec.Prometheus) + promConfigYaml, err := params.OtelCol.Spec.Prometheus.Yaml() + if err != nil { + return &corev1.ConfigMap{}, fmt.Errorf("%s could not convert json to yaml", err) + } + + prometheusConfig, err := adapters.UnescapeDollarSignsInPromConfig(promConfigYaml) if err != nil { return &corev1.ConfigMap{}, err } diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index 177f61c81..0799288cf 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -8,6 +8,8 @@ import ( "os" "testing" + "gopkg.in/yaml.v2" + "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -168,6 +170,11 @@ func collectorInstance() v1alpha1.AmazonCloudWatchAgent { if err != nil { fmt.Printf("Error getting yaml file: %v", err) } + promCfg := v1alpha1.PrometheusConfig{} + err = yaml.Unmarshal(configYAML, &promCfg) + if err != nil { + fmt.Printf("failed to unmarshal config: %v", err) + } return v1alpha1.AmazonCloudWatchAgent{ ObjectMeta: metav1.ObjectMeta{ Name: "my-instance", @@ -175,7 +182,7 @@ func collectorInstance() v1alpha1.AmazonCloudWatchAgent { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "ghcr.io/aws/amazon-cloudwatch-agent-operator/amazon-cloudwatch-agent-operator:0.47.0", - Prometheus: string(configYAML), + Prometheus: promCfg, }, } } From 8a604553eec426de74825e397f80f490d71b35b7 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 13 Sep 2024 01:14:27 -0400 Subject: [PATCH 60/99] Use yaml2 for configmap_test.go. --- internal/manifests/collector/configmap_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index 81c17ee4d..cb752d82b 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -8,7 +8,7 @@ import ( "os" "testing" - "gopkg.in/yaml.v3" + "gopkg.in/yaml.v2" colfeaturegate "go.opentelemetry.io/collector/featuregate" From 28164a4103b6ff847e7d397968bb80f92a6b1fcf Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 13 Sep 2024 01:58:11 -0400 Subject: [PATCH 61/99] Add changes to v1alpha2. --- apis/v1alpha2/amazoncloudwatchagent_types.go | 2 +- apis/v1alpha2/zz_generated.deepcopy.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apis/v1alpha2/amazoncloudwatchagent_types.go b/apis/v1alpha2/amazoncloudwatchagent_types.go index 347f4e02a..c4340ef20 100644 --- a/apis/v1alpha2/amazoncloudwatchagent_types.go +++ b/apis/v1alpha2/amazoncloudwatchagent_types.go @@ -94,7 +94,7 @@ type AmazonCloudWatchAgentSpec struct { ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` // Prometheus is the raw YAML to be used as the collector's prometheus configuration. // +optional - Prometheus string `json:"prometheus,omitempty"` + Prometheus v1alpha1.PrometheusConfig `json:"prometheus,omitempty"` // Config is the raw JSON to be used as the collector's configuration. Refer to the OpenTelemetry Collector documentation for details. // +required Config string `json:"config,omitempty"` diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 6000b1b37..06959cc6b 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -123,6 +123,7 @@ func (in *AmazonCloudWatchAgentSpec) DeepCopyInto(out *AmazonCloudWatchAgentSpec } } in.TargetAllocator.DeepCopyInto(&out.TargetAllocator) + in.Prometheus.DeepCopyInto(&out.Prometheus) if in.VolumeMounts != nil { in, out := &in.VolumeMounts, &out.VolumeMounts *out = make([]v1.VolumeMount, len(*in)) From 851629512551d2d01caa84c2635310527d8c3ffb Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 13 Sep 2024 02:29:16 -0400 Subject: [PATCH 62/99] Implement marshaling and unmarshaling for AnyConfig. --- apis/v1alpha1/prometheus_config.go | 36 ++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/apis/v1alpha1/prometheus_config.go b/apis/v1alpha1/prometheus_config.go index c74d047c5..8d5635546 100644 --- a/apis/v1alpha1/prometheus_config.go +++ b/apis/v1alpha1/prometheus_config.go @@ -5,6 +5,7 @@ package v1alpha1 import ( "bytes" + "encoding/json" "gopkg.in/yaml.v3" ) @@ -15,10 +16,10 @@ type AnyConfig struct { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AnyConfig) DeepCopyInto(out *AnyConfig) { - *out = *in - if in.Object != nil { - in, out := &in.Object, &out.Object +func (ac *AnyConfig) DeepCopyInto(out *AnyConfig) { + *out = *ac + if ac.Object != nil { + in, out := &ac.Object, &out.Object *out = make(map[string]interface{}, len(*in)) for key, val := range *in { (*out)[key] = val @@ -27,15 +28,36 @@ func (in *AnyConfig) DeepCopyInto(out *AnyConfig) { } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnyConfig. -func (in *AnyConfig) DeepCopy() *AnyConfig { - if in == nil { +func (ac *AnyConfig) DeepCopy() *AnyConfig { + if ac == nil { return nil } out := new(AnyConfig) - in.DeepCopyInto(out) + ac.DeepCopyInto(out) return out } +var _ json.Marshaler = &AnyConfig{} +var _ json.Unmarshaler = &AnyConfig{} + +// UnmarshalJSON implements an alternative parser for this field. +func (ac *AnyConfig) UnmarshalJSON(b []byte) error { + vals := map[string]interface{}{} + if err := json.Unmarshal(b, &vals); err != nil { + return err + } + ac.Object = vals + return nil +} + +// MarshalJSON specifies how to convert this object into JSON. +func (ac *AnyConfig) MarshalJSON() ([]byte, error) { + if ac == nil { + return []byte("{}"), nil + } + return json.Marshal(ac.Object) +} + // PrometheusConfig encapsulates prometheus config. type PrometheusConfig struct { // +kubebuilder:pruning:PreserveUnknownFields From a8852cef5e4ec903929bc4fd574aee5cc877dfad Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 13 Sep 2024 10:46:11 -0400 Subject: [PATCH 63/99] Add TA version to labels. --- internal/manifests/targetallocator/configmap.go | 2 +- internal/manifests/targetallocator/configmap_test.go | 2 +- internal/manifests/targetallocator/deployment.go | 8 ++++++++ internal/manifests/targetallocator/service.go | 8 ++++++++ internal/manifests/targetallocator/serviceaccount.go | 8 ++++++++ 5 files changed, 26 insertions(+), 2 deletions(-) diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 4587cd339..34ca23123 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -25,7 +25,7 @@ const ( func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { name := naming.TAConfigMap(params.OtelCol.Name) - version := strings.Split(params.OtelCol.Spec.Image, ":") + version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") labels := Labels(params.OtelCol, name) if len(version) > 1 { labels["app.kubernetes.io/version"] = version[len(version)-1] diff --git a/internal/manifests/targetallocator/configmap_test.go b/internal/manifests/targetallocator/configmap_test.go index 4620280b5..90f76948b 100644 --- a/internal/manifests/targetallocator/configmap_test.go +++ b/internal/manifests/targetallocator/configmap_test.go @@ -20,7 +20,7 @@ func TestDesiredConfigMap(t *testing.T) { "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", "app.kubernetes.io/instance": "default.my-instance", "app.kubernetes.io/part-of": "amazon-cloudwatch-agent", - "app.kubernetes.io/version": "0.47.0", + "app.kubernetes.io/version": "latest", } t.Run("should return expected target allocator config map", func(t *testing.T) { diff --git a/internal/manifests/targetallocator/deployment.go b/internal/manifests/targetallocator/deployment.go index b547f86b1..e47ef9a5d 100644 --- a/internal/manifests/targetallocator/deployment.go +++ b/internal/manifests/targetallocator/deployment.go @@ -4,6 +4,8 @@ package targetallocator import ( + "strings" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -15,7 +17,13 @@ import ( // Deployment builds the deployment for the given instance. func Deployment(params manifests.Params) (*appsv1.Deployment, error) { name := naming.TargetAllocator(params.OtelCol.Name) + version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") labels := Labels(params.OtelCol, name) + if len(version) > 1 { + labels["app.kubernetes.io/version"] = version[len(version)-1] + } else { + labels["app.kubernetes.io/version"] = "latest" + } configMap, err := ConfigMap(params) if err != nil { diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index 0a83b2efe..1e2a12d90 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -4,6 +4,8 @@ package targetallocator import ( + "strings" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -14,7 +16,13 @@ import ( func Service(params manifests.Params) *corev1.Service { name := naming.TAService(params.OtelCol.Name) + version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") labels := Labels(params.OtelCol, name) + if len(version) > 1 { + labels["app.kubernetes.io/version"] = version[len(version)-1] + } else { + labels["app.kubernetes.io/version"] = "latest" + } selector := Labels(params.OtelCol, name) diff --git a/internal/manifests/targetallocator/serviceaccount.go b/internal/manifests/targetallocator/serviceaccount.go index 9a7f19bb2..1883d255a 100644 --- a/internal/manifests/targetallocator/serviceaccount.go +++ b/internal/manifests/targetallocator/serviceaccount.go @@ -4,6 +4,8 @@ package targetallocator import ( + "strings" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -24,7 +26,13 @@ func ServiceAccountName(instance v1alpha1.AmazonCloudWatchAgent) string { // ServiceAccount returns the service account for the given instance. func ServiceAccount(params manifests.Params) *corev1.ServiceAccount { + version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") labels := Labels(params.OtelCol, targetAllocatorServiceAcctName) + if len(version) > 1 { + labels["app.kubernetes.io/version"] = version[len(version)-1] + } else { + labels["app.kubernetes.io/version"] = "latest" + } return &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ From a32bbc00382734721eae3bb114939337d497a334 Mon Sep 17 00:00:00 2001 From: Parampreet Singh <50599809+Paramadon@users.noreply.github.com> Date: Fri, 13 Sep 2024 12:03:55 -0400 Subject: [PATCH 64/99] Open Application Signals ports on CWAgent only when enabled (#230) --- internal/manifests/collector/ports.go | 49 +++++-- internal/manifests/collector/ports_test.go | 131 +++++------------- .../test-resources/application_signals.json | 7 + .../multipleReceiversAgentConfig.json | 3 +- 4 files changed, 81 insertions(+), 109 deletions(-) create mode 100644 internal/manifests/collector/test-resources/application_signals.json diff --git a/internal/manifests/collector/ports.go b/internal/manifests/collector/ports.go index eeb80250e..55fed0c2c 100644 --- a/internal/manifests/collector/ports.go +++ b/internal/manifests/collector/ports.go @@ -21,19 +21,22 @@ import ( ) const ( - StatsD = "statsd" - CollectD = "collectd" - XrayProxy = "aws-proxy" - XrayTraces = "aws-traces" - OtlpGrpc = "otlp-grpc" - OtlpHttp = "otlp-http" - AppSignalsGrpc = "appsignals-grpc" - AppSignalsHttp = "appsignals-http" - AppSignalsProxy = "appsignals-xray" - EMF = "emf" - EMFTcp = "emf-tcp" - EMFUdp = "emf-udp" - CWA = "cwa-" + StatsD = "statsd" + CollectD = "collectd" + XrayProxy = "aws-proxy" + XrayTraces = "aws-traces" + OtlpGrpc = "otlp-grpc" + OtlpHttp = "otlp-http" + AppSignalsGrpc = "appsig-grpc" + AppSignalsHttp = "appsig-http" + AppSignalsProxy = "appsig-xray" + AppSignalsGrpcSA = ":4315" + AppSignalsHttpSA = ":4316" + AppSignalsProxySA = ":2000" + EMF = "emf" + EMFTcp = "emf-tcp" + EMFUdp = "emf-udp" + CWA = "cwa-" ) var receiverDefaultPortsMap = map[string]int32{ @@ -79,7 +82,6 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic config, err := adapters.ConfigStructFromJSONString(cfg) if err != nil { logger.Error(err, "error parsing cw agent config") - servicePorts = PortMapToServicePortList(AppSignalsPortToServicePortMap) } else { servicePorts = getServicePortsFromCWAgentConfig(logger, config) } @@ -115,13 +117,20 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic } func getServicePortsFromCWAgentConfig(logger logr.Logger, config *adapters.CwaConfig) []corev1.ServicePort { - servicePortsMap := getAppSignalsServicePortsMap() + servicePortsMap := make(map[int32][]corev1.ServicePort) + + getApplicationSignalsReceiversServicePorts(logger, config, servicePortsMap) getMetricsReceiversServicePorts(logger, config, servicePortsMap) getLogsReceiversServicePorts(logger, config, servicePortsMap) getTracesReceiversServicePorts(logger, config, servicePortsMap) + return PortMapToServicePortList(servicePortsMap) } +func isAppSignalEnabled(config *adapters.CwaConfig) bool { + return config.GetApplicationSignalsConfig() != nil +} + func getMetricsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { if config.Metrics == nil || config.Metrics.MetricsCollected == nil { return @@ -221,6 +230,16 @@ func getAppSignalsServicePortsMap() map[int32][]corev1.ServicePort { return servicePortMap } +func getApplicationSignalsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { + if !isAppSignalEnabled(config) { + return + } + + getReceiverServicePort(logger, AppSignalsGrpcSA, AppSignalsGrpc, corev1.ProtocolTCP, servicePortsMap) + getReceiverServicePort(logger, AppSignalsHttpSA, AppSignalsHttp, corev1.ProtocolTCP, servicePortsMap) + getReceiverServicePort(logger, AppSignalsProxySA, AppSignalsProxy, corev1.ProtocolTCP, servicePortsMap) +} + func portFromEndpoint(endpoint string) (int32, error) { var err error var port int64 diff --git a/internal/manifests/collector/ports_test.go b/internal/manifests/collector/ports_test.go index 830d5ee58..bade37cb7 100644 --- a/internal/manifests/collector/ports_test.go +++ b/internal/manifests/collector/ports_test.go @@ -16,13 +16,7 @@ import ( func TestStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -31,13 +25,7 @@ func TestStatsDGetContainerPorts(t *testing.T) { func TestDefaultStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(8125), containerPorts[StatsD].ContainerPort) assert.Equal(t, StatsD, containerPorts[StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[StatsD].Protocol) @@ -46,13 +34,7 @@ func TestDefaultStatsDGetContainerPorts(t *testing.T) { func TestCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(25936), containerPorts[CWA+CollectD].ContainerPort) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+CollectD].Protocol) } @@ -60,28 +42,28 @@ func TestCollectDGetContainerPorts(t *testing.T) { func TestDefaultCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(25826), containerPorts[CollectD].ContainerPort) assert.Equal(t, CollectD, containerPorts[CollectD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CollectD].Protocol) } +func TestApplicationSignals(t *testing.T) { + cfg := getJSONStringFromFile("./test-resources/application_signals.json") + containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) + assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) + assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) + assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) +} + func TestEMFGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/emfAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(25888), containerPorts[EMFTcp].ContainerPort) assert.Equal(t, EMFTcp, containerPorts[EMFTcp].Name) assert.Equal(t, int32(25888), containerPorts[EMFUdp].ContainerPort) @@ -92,13 +74,9 @@ func TestEMFGetContainerPorts(t *testing.T) { func TestXrayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(2000), containerPorts[CWA+XrayTraces].ContainerPort) + assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, int32(4327), containerPorts[CWA+OtlpGrpc].ContainerPort) assert.Equal(t, CWA+OtlpGrpc, containerPorts[CWA+OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+OtlpGrpc].Protocol) @@ -110,13 +88,9 @@ func TestXrayAndOTLPGetContainerPorts(t *testing.T) { func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(2000), containerPorts[XrayTraces].ContainerPort) + assert.Equal(t, XrayTraces, containerPorts[XrayTraces].Name) assert.Equal(t, int32(4317), containerPorts[OtlpGrpc].ContainerPort) assert.Equal(t, OtlpGrpc, containerPorts[OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[OtlpGrpc].Protocol) @@ -128,13 +102,7 @@ func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { func TestXRayGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -147,13 +115,9 @@ func TestXRayWithBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2800", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) + assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) + assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, int32(2900), containerPorts[CWA+XrayProxy].ContainerPort) assert.Equal(t, CWA+XrayProxy, containerPorts[CWA+XrayProxy].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+XrayProxy].Protocol) @@ -163,13 +127,7 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -178,13 +136,7 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { func TestNilMetricsGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 0, len(containerPorts)) } func TestMultipleReceiversGetContainerPorts(t *testing.T) { @@ -192,12 +144,12 @@ func TestMultipleReceiversGetContainerPorts(t *testing.T) { strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) assert.Equal(t, 11, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) + assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) + assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) + assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -234,11 +186,9 @@ func TestSpecPortsOverrideGetContainerPorts(t *testing.T) { }, } containerPorts := getContainerPorts(logger, cfg, specPorts) - assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, 3, len(containerPorts)) assert.Equal(t, int32(12345), containerPorts[AppSignalsGrpc].ContainerPort) assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) assert.Equal(t, int32(12346), containerPorts[AppSignalsProxy].ContainerPort) assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) @@ -250,13 +200,8 @@ func TestInvalidConfigGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") cfg = cfg + "," containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 0, len(containerPorts)) + } func getJSONStringFromFile(path string) string { diff --git a/internal/manifests/collector/test-resources/application_signals.json b/internal/manifests/collector/test-resources/application_signals.json new file mode 100644 index 000000000..48decd3c4 --- /dev/null +++ b/internal/manifests/collector/test-resources/application_signals.json @@ -0,0 +1,7 @@ +{ + "logs": { + "metrics_collected": { + "application_signals": {} + } + } +} diff --git a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json index 74095a9ec..59b7584a1 100644 --- a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json +++ b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json @@ -16,7 +16,8 @@ }, "logs": { "metrics_collected": { - "emf": {} + "emf": {}, + "application_signals": {} } }, "traces": { From 377104fef918bd73579edcdac5b175823cacf3a4 Mon Sep 17 00:00:00 2001 From: Mitali Salvi <44349099+mitali-salvi@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:59:08 -0400 Subject: [PATCH 65/99] Supporting K8s 1.31 (#222) --- integration-tests/generator/k8s_versions_matrix.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/integration-tests/generator/k8s_versions_matrix.json b/integration-tests/generator/k8s_versions_matrix.json index 7c184be6b..2264c0e96 100644 --- a/integration-tests/generator/k8s_versions_matrix.json +++ b/integration-tests/generator/k8s_versions_matrix.json @@ -22,5 +22,8 @@ }, { "k8sVersion": "1.30" + }, + { + "k8sVersion": "1.31" } ] \ No newline at end of file From 130eee316a60e9e69aa98f27a406f8f4f231b809 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 19 Sep 2024 16:12:49 -0400 Subject: [PATCH 66/99] Fix version back. --- versions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.txt b/versions.txt index abbb3a765..a4378289a 100644 --- a/versions.txt +++ b/versions.txt @@ -12,4 +12,4 @@ aws-otel-nodejs-instrumentation=0.52.1 dcgm-exporter=3.3.7-3.5.0-ubuntu22.04 neuron-monitor=1.0.1 -target-allocator=0.0.1 \ No newline at end of file +target-allocator=0.90.0 \ No newline at end of file From 7512b4be2ca0d5cd150829c64fead42f5e1027bb Mon Sep 17 00:00:00 2001 From: musa-asad Date: Sun, 22 Sep 2024 19:50:47 -0400 Subject: [PATCH 67/99] Don't unescape 93073 for prometheus config. --- internal/manifests/collector/config_replace.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 128368834..3dd3a2cab 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -56,7 +56,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e // Check if TargetAllocator is enabled, if not, return the original config if !instance.Spec.TargetAllocator.Enabled { - prometheusConfig, err := ta.UnescapeDollarSignsInPromConfig(promConfigYaml) + prometheusConfig, err := adapters.ConfigFromString(promConfigYaml) if err != nil { return "", err } From 87964bf8fa4603066de4a66045430c01ea22df02 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Sun, 22 Sep 2024 20:10:49 -0400 Subject: [PATCH 68/99] Fix test. --- internal/manifests/collector/config_replace_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index 11954ca58..aae0c3707 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -330,7 +330,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $$1_$$2 + replacement: $1_$2 separator: ; source_labels: - label2 From 0afedf13cbe04f5b32567064f57c8b4b10c39ac3 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Sun, 22 Sep 2024 20:15:28 -0400 Subject: [PATCH 69/99] Fix test. --- internal/manifests/collector/config_replace_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index aae0c3707..e93292e10 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -269,7 +269,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $1_$2 + replacement: $$1_$$2 separator: ; source_labels: - label2 @@ -330,7 +330,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $1_$2 + replacement: $$1_$$2 separator: ; source_labels: - label2 From 95d9c66c244682a87a7b367c4dfe195e9f2f963d Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 24 Sep 2024 14:06:22 -0400 Subject: [PATCH 70/99] Removed double dollar to single dollar substitution logic. --- internal/manifests/collector/config_replace.go | 9 ++------- .../manifests/collector/config_replace_test.go | 11 ++++------- internal/manifests/collector/configmap_test.go | 2 -- .../config_expected_targetallocator.yaml | 1 - ...p_sd_config_servicemonitor_test_ta_set.yaml | 1 - .../testdata/http_sd_config_ta_test.yaml | 1 - ...relabel_config_expected_with_sd_config.yaml | 2 +- .../testdata/relabel_config_original.yaml | 2 +- .../adapters/config_to_prom_config.go | 18 +++++------------- .../adapters/config_to_prom_config_test.go | 11 +++++------ .../manifests/targetallocator/configmap.go | 2 +- 11 files changed, 19 insertions(+), 41 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 3dd3a2cab..c2e288e2d 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -21,9 +21,8 @@ import ( ) type targetAllocator struct { - Endpoint string `yaml:"endpoint"` - Interval time.Duration `yaml:"interval"` - CollectorID string `yaml:"collector_id"` + Endpoint string `yaml:"endpoint"` + Interval time.Duration `yaml:"interval"` // HTTPSDConfig is a preference that can be set for the collector's target allocator, but the operator doesn't // care about what the value is set to. We just need this for validation when unmarshalling the configmap. HTTPSDConfig interface{} `yaml:"http_sd_config,omitempty"` @@ -80,8 +79,6 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if getCfgPromErr != nil { return "", getCfgPromErr @@ -95,8 +92,6 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } - // To avoid issues caused by Prometheus validation logic, which fails regex validation when it encounters - // $$ in the prom config, we update the YAML file directly without marshaling and unmarshalling. updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if err != nil { return "", err diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index e93292e10..c6cf1df32 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -108,9 +108,8 @@ func TestPrometheusParser(t *testing.T) { assert.NotContains(t, prometheusConfig, "scrape_configs") expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", - "interval": "30s", - "collector_id": "${POD_NAME}", + "endpoint": "http://test-target-allocator:80", + "interval": "30s", } assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) assert.NoError(t, err) @@ -163,9 +162,8 @@ func TestPrometheusParser(t *testing.T) { assert.NotContains(t, prometheusConfig, "scrape_configs") expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", - "interval": "30s", - "collector_id": "${POD_NAME}", + "endpoint": "http://test-target-allocator:80", + "interval": "30s", } assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) assert.NoError(t, err) @@ -362,7 +360,6 @@ func TestReplacePrometheusConfig(t *testing.T) { scrape_interval: 1m scrape_timeout: 10s target_allocator: - collector_id: ${POD_NAME} endpoint: http://test-target-allocator:80 interval: 30s ` diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index cb752d82b..a4664790d 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -191,7 +191,6 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { - url: http://test-target-allocator:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets?collector_id=$POD_NAME job_name: serviceMonitor/test/test/0 target_allocator: - collector_id: ${POD_NAME} endpoint: http://test-target-allocator:80 http_sd_config: refresh_interval: 60s @@ -238,7 +237,6 @@ target_allocator: expectedData := map[string]string{ "prometheus.yaml": `config: {} target_allocator: - collector_id: ${POD_NAME} endpoint: http://test-target-allocator:80 interval: 30s `, diff --git a/internal/manifests/collector/testdata/config_expected_targetallocator.yaml b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml index b7a78333e..7742ebc74 100644 --- a/internal/manifests/collector/testdata/config_expected_targetallocator.yaml +++ b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml @@ -4,6 +4,5 @@ config: scrape_interval: 1m scrape_timeout: 10s target_allocator: - collector_id: ${POD_NAME} endpoint: http://test-target-allocator:80 interval: 30s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml index 455cc0d1e..3c133cf42 100644 --- a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml +++ b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml @@ -13,6 +13,5 @@ config: target_allocator: endpoint: http://test-target-allocator:80 interval: 30s - collector_id: ${POD_NAME} http_sd_config: refresh_interval: 60s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml b/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml index 355b59b6d..102300081 100644 --- a/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml +++ b/internal/manifests/collector/testdata/http_sd_config_ta_test.yaml @@ -7,6 +7,5 @@ config: labels: my: label target_allocator: - collector_id: ${POD_NAME} endpoint: http://test-sd-target-allocator:80 interval: 60s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml index dc03a5073..49c8c9284 100644 --- a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml +++ b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml @@ -27,7 +27,7 @@ config: - label1 - action: replace regex: (.*) - replacement: $$1_$$2 + replacement: $1_$2 separator: ; source_labels: - label2 diff --git a/internal/manifests/collector/testdata/relabel_config_original.yaml b/internal/manifests/collector/testdata/relabel_config_original.yaml index 6a07a7da5..dc7a4f6de 100644 --- a/internal/manifests/collector/testdata/relabel_config_original.yaml +++ b/internal/manifests/collector/testdata/relabel_config_original.yaml @@ -18,7 +18,7 @@ config: source_labels: [label2] action: replace regex: (.*) - replacement: "$$1_$$2" + replacement: "$1_$2" separator: ";" - source_labels: [label4] action: labelmap diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index c6ad00a5d..f2efa211a 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -6,11 +6,9 @@ package adapters import ( "errors" "fmt" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "net/url" "regexp" - "strings" - - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) func errorNoComponent(component string) error { @@ -62,9 +60,8 @@ func getScrapeConfigsFromPromConfig(promConfig map[interface{}]interface{}) ([]i return scrapeConfigs, nil } -// UnescapeDollarSignsInPromConfig replaces "$$" with "$" in the "replacement" fields of -// both "relabel_configs" and "metric_relabel_configs" in a Prometheus configuration file. -func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, error) { +// GetPromConfig returns a Prometheus configuration file. +func GetPromConfig(cfg string) (map[interface{}]interface{}, error) { prometheus, err := adapters.ConfigFromString(cfg) if err != nil { return nil, err @@ -102,12 +99,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e continue } - replacement, rcErr := replacementProperty.(string) + _, rcErr = replacementProperty.(string) if !rcErr { return nil, errorNotAStringAtIndex("replacement", i) } - - relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } metricRelabelConfigsProperty, ok := scrapeConfig["metric_relabel_configs"] @@ -131,12 +126,10 @@ func UnescapeDollarSignsInPromConfig(cfg string) (map[interface{}]interface{}, e continue } - replacement, ok := replacementProperty.(string) + _, ok = replacementProperty.(string) if !ok { return nil, errorNotAStringAtIndex("replacement", i) } - - relabelConfig["replacement"] = strings.ReplaceAll(replacement, "$$", "$") } } @@ -234,7 +227,6 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:80", taServiceName) targetAllocatorCfg["interval"] = "30s" - targetAllocatorCfg["collector_id"] = "${POD_NAME}" // Remove the scrape_configs key from the map delete(prometheusCfg, "scrape_configs") diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index fc6fe7d3d..01dfe9cd9 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -70,7 +70,7 @@ target_allocator: assert.Equal(t, expectedData, promConfig) } -func TestUnescapeDollarSignsInPromConfig(t *testing.T) { +func TestGetPromConfig(t *testing.T) { actual := ` config: scrape_configs: @@ -104,12 +104,12 @@ config: replacement: '$1_$2' ` - config, err := ta.UnescapeDollarSignsInPromConfig(actual) + config, err := ta.GetPromConfig(actual) if err != nil { t.Errorf("unexpected error: %v", err) } - expectedConfig, err := ta.UnescapeDollarSignsInPromConfig(expected) + expectedConfig, err := ta.GetPromConfig(expected) if err != nil { t.Errorf("unexpected error: %v", err) } @@ -204,9 +204,8 @@ func TestAddTAConfigToPromConfig(t *testing.T) { expectedResult := map[interface{}]interface{}{ "config": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", - "interval": "30s", - "collector_id": "${POD_NAME}", + "endpoint": "http://test-target-allocator:80", + "interval": "30s", }, } diff --git a/internal/manifests/targetallocator/configmap.go b/internal/manifests/targetallocator/configmap.go index 34ca23123..ff5160f53 100644 --- a/internal/manifests/targetallocator/configmap.go +++ b/internal/manifests/targetallocator/configmap.go @@ -38,7 +38,7 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { return &corev1.ConfigMap{}, fmt.Errorf("%s could not convert json to yaml", err) } - prometheusConfig, err := adapters.UnescapeDollarSignsInPromConfig(promConfigYaml) + prometheusConfig, err := adapters.GetPromConfig(promConfigYaml) if err != nil { return &corev1.ConfigMap{}, err } From ce3edda1275f424853fa4255e0b7fe91948c93bb Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 24 Sep 2024 14:10:33 -0400 Subject: [PATCH 71/99] Removed more double dollar usages. --- internal/manifests/collector/config_replace_test.go | 4 ++-- .../targetallocator/adapters/config_to_prom_config_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index c6cf1df32..28c25db23 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -267,7 +267,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $$1_$$2 + replacement: $1_$2 separator: ; source_labels: - label2 @@ -328,7 +328,7 @@ func TestReplacePrometheusConfig(t *testing.T) { - label1 - action: replace regex: (.*) - replacement: $$1_$$2 + replacement: $1_$2 separator: ; source_labels: - label2 diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 01dfe9cd9..e6a3d05cb 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -78,14 +78,14 @@ config: relabel_configs: - source_labels: ['__meta_service_id'] target_label: 'job' - replacement: 'my_service_$$1' + replacement: 'my_service_$1' - source_labels: ['__meta_service_name'] target_label: 'instance' replacement: '$1' metric_relabel_configs: - source_labels: ['job'] target_label: 'job' - replacement: '$$1_$2' + replacement: '$1_$2' ` expected := ` config: From b6faf59c2f28f8e75e38f458d4cb1bd316a30e37 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 24 Sep 2024 14:14:24 -0400 Subject: [PATCH 72/99] Fix import. --- .../targetallocator/adapters/config_to_prom_config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index f2efa211a..f759d2fa1 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -6,9 +6,10 @@ package adapters import ( "errors" "fmt" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "net/url" "regexp" + + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) func errorNoComponent(component string) error { From e07b0a6334d9a70e984b23e908fb807159eb4f83 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 24 Sep 2024 22:38:44 -0400 Subject: [PATCH 73/99] Remove collector_id from httpsd logic. --- internal/manifests/collector/config_replace_test.go | 4 ++-- internal/manifests/collector/configmap_test.go | 4 ++-- .../testdata/relabel_config_expected_with_sd_config.yaml | 2 +- .../targetallocator/adapters/config_to_prom_config.go | 2 +- .../targetallocator/adapters/config_to_prom_config_test.go | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index 28c25db23..ac4c8e62d 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -84,7 +84,7 @@ func TestPrometheusParser(t *testing.T) { for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 1) assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "http") - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-target-allocator:80/jobs/"+scrapeConfig.JobName+"/targets?collector_id=$POD_NAME") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-target-allocator:80/jobs/"+scrapeConfig.JobName+"/targets") expectedMap[scrapeConfig.JobName] = true } for k := range expectedMap { @@ -307,7 +307,7 @@ func TestReplacePrometheusConfig(t *testing.T) { scrape_configs: - honor_labels: true http_sd_configs: - - url: http://test-target-allocator:80/jobs/service-x/targets?collector_id=$POD_NAME + - url: http://test-target-allocator:80/jobs/service-x/targets job_name: service-x metric_relabel_configs: - action: keep diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index a4664790d..cae9f1ae6 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -141,7 +141,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { "prometheus.yaml": `config: scrape_configs: - http_sd_configs: - - url: http://test-target-allocator:80/jobs/cloudwatch-agent/targets?collector_id=$POD_NAME + - url: http://test-target-allocator:80/jobs/cloudwatch-agent/targets job_name: cloudwatch-agent scrape_interval: 10s `, @@ -188,7 +188,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { "prometheus.yaml": `config: scrape_configs: - http_sd_configs: - - url: http://test-target-allocator:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets?collector_id=$POD_NAME + - url: http://test-target-allocator:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets job_name: serviceMonitor/test/test/0 target_allocator: endpoint: http://test-target-allocator:80 diff --git a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml index 49c8c9284..ad3ed3a11 100644 --- a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml +++ b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml @@ -6,7 +6,7 @@ config: scrape_configs: - honor_labels: true http_sd_configs: - - url: http://test-target-allocator:80/jobs/service-x/targets?collector_id=$POD_NAME + - url: http://test-target-allocator:80/jobs/service-x/targets job_name: service-x metric_relabel_configs: - action: keep diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index f759d2fa1..af3150090 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -194,7 +194,7 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi escapedJob := url.QueryEscape(jobName) scrapeConfig["http_sd_configs"] = []interface{}{ map[string]interface{}{ - "url": fmt.Sprintf("http://%s:80/jobs/%s/targets?collector_id=$POD_NAME", taServiceName, escapedJob), + "url": fmt.Sprintf("http://%s:80/jobs/%s/targets", taServiceName, escapedJob), }, } } diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index e6a3d05cb..812f90a1f 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -145,7 +145,7 @@ func TestAddHTTPSDConfigToPromConfig(t *testing.T) { "job_name": "test_job", "http_sd_configs": []interface{}{ map[string]interface{}{ - "url": fmt.Sprintf("http://%s:80/jobs/%s/targets?collector_id=$POD_NAME", taServiceName, url.QueryEscape("test_job")), + "url": fmt.Sprintf("http://%s:80/jobs/%s/targets", taServiceName, url.QueryEscape("test_job")), }, }, }, From e432bd9522f821e29fafb31e8b5fc9eaebbd0d24 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 01:35:58 -0400 Subject: [PATCH 74/99] Remove unused proxy environmental variables. --- go.mod | 1 - go.sum | 8 -------- internal/manifests/targetallocator/container.go | 2 -- 3 files changed, 11 deletions(-) diff --git a/go.mod b/go.mod index 1d077c094..a2f4b7372 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/oklog/run v1.1.0 github.com/openshift/api v3.9.0+incompatible - github.com/operator-framework/operator-lib v0.11.0 github.com/prometheus-operator/prometheus-operator v0.70.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0 diff --git a/go.sum b/go.sum index b309a0f57..df92b5074 100644 --- a/go.sum +++ b/go.sum @@ -549,14 +549,10 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= @@ -569,8 +565,6 @@ github.com/openshift/api v0.0.0-20180801171038-322a19404e37 h1:05irGU4HK4IauGGDb github.com/openshift/api v0.0.0-20180801171038-322a19404e37/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= -github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -1103,8 +1097,6 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/internal/manifests/targetallocator/container.go b/internal/manifests/targetallocator/container.go index 7a6931c9a..619f2550c 100644 --- a/internal/manifests/targetallocator/container.go +++ b/internal/manifests/targetallocator/container.go @@ -5,7 +5,6 @@ package targetallocator import ( "github.com/go-logr/logr" - "github.com/operator-framework/operator-lib/proxy" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -76,7 +75,6 @@ func Container(cfg config.Config, logger logr.Logger, otelcol v1alpha1.AmazonClo }, } - envVars = append(envVars, proxy.ReadProxyVarsFromEnv()...) return corev1.Container{ Name: naming.TAContainer(), Image: image, From 71d64050beef25599ee8028e238b7b39b29c6c27 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 01:39:26 -0400 Subject: [PATCH 75/99] Remove unused proxy tests. --- .../targetallocator/container_test.go | 32 ------------------- 1 file changed, 32 deletions(-) diff --git a/internal/manifests/targetallocator/container_test.go b/internal/manifests/targetallocator/container_test.go index 7d4d74a93..82f70eb14 100644 --- a/internal/manifests/targetallocator/container_test.go +++ b/internal/manifests/targetallocator/container_test.go @@ -4,11 +4,9 @@ package targetallocator import ( - "os" "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/intstr" @@ -211,36 +209,6 @@ func TestContainerHasEnvVars(t *testing.T) { assert.Equal(t, expected, c) } -func TestContainerHasProxyEnvVars(t *testing.T) { - err := os.Setenv("NO_PROXY", "localhost") - require.NoError(t, err) - defer os.Unsetenv("NO_PROXY") - - // prepare - otelcol := v1alpha1.AmazonCloudWatchAgent{ - Spec: v1alpha1.AmazonCloudWatchAgentSpec{ - TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ - Enabled: true, - Env: []corev1.EnvVar{ - { - Name: "TEST_ENV", - Value: "test", - }, - }, - }, - }, - } - cfg := config.New(config.WithTargetAllocatorImage("default-image")) - - // test - c := Container(cfg, logger, otelcol) - - // verify - require.Len(t, c.Env, 4) - assert.Equal(t, corev1.EnvVar{Name: "NO_PROXY", Value: "localhost"}, c.Env[2]) - assert.Equal(t, corev1.EnvVar{Name: "no_proxy", Value: "localhost"}, c.Env[3]) -} - func TestContainerDoesNotOverrideEnvVars(t *testing.T) { // prepare otelcol := v1alpha1.AmazonCloudWatchAgent{ From db066a0f092f3efe7d3ea549bf5109480af4dd3f Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 12:23:39 -0400 Subject: [PATCH 76/99] Revert "Merge branch 'main' into target-allocator-v0.90.0" This reverts commit d84410bcf3e2f0c6a5e9bce3bba26dc3cdf949f2, reversing changes made to a8852cef5e4ec903929bc4fd574aee5cc877dfad. --- .../application-signals-e2e-test.yml | 10 +- .github/workflows/eks-add-on-integ-test.yml | 9 +- .../workflows/operator-integration-test.yml | 48 +------ Dockerfile | 3 +- Makefile | 3 +- README.md | 1 - RELEASE_NOTES | 7 - .../eks/resourceCount_linuxonly_test.go | 4 +- .../eks/resourceCount_windowslinux_test.go | 4 +- .../eks/validateResources_test.go | 27 ++-- .../validate_annotation_daemonset_test.go | 32 +---- .../validate_annotation_methods.go | 25 +--- .../validate_annotations_deployment_test.go | 45 +----- .../validate_annotations_namespace_test.go | 46 +----- .../validate_annotations_statefulset_test.go | 39 +----- ..._instrumentation_nodejs_env_variables.json | 11 -- .../nodejs/sample-deployment-nodejs.yaml | 20 --- internal/manifests/collector/ports.go | 49 ++----- internal/manifests/collector/ports_test.go | 131 +++++++++++++----- .../test-resources/application_signals.json | 7 - .../multipleReceiversAgentConfig.json | 3 +- main.go | 12 +- pkg/instrumentation/auto/config.go | 3 - pkg/instrumentation/auto/config_test.go | 10 -- pkg/instrumentation/defaultinstrumentation.go | 32 +---- .../defaultinstrumentation_test.go | 111 +-------------- pkg/instrumentation/podmutator_test.go | 3 +- versions.txt | 10 +- 28 files changed, 166 insertions(+), 539 deletions(-) delete mode 100644 integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json delete mode 100644 integration-tests/nodejs/sample-deployment-nodejs.yaml delete mode 100644 internal/manifests/collector/test-resources/application_signals.json diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index ca753f04b..efff61fb4 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -23,7 +23,7 @@ concurrency: jobs: java-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-e2e-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -33,7 +33,7 @@ jobs: java-metric-limiter-e2e-test: needs: [ java-eks-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/metric-limiter-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-metric-limiter-e2e-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -42,7 +42,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} java-k8s-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-e2e-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -50,7 +50,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} python-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-e2e-test.yml@main needs: [ java-metric-limiter-e2e-test ] secrets: inherit with: @@ -61,7 +61,7 @@ jobs: python-k8s-e2e-test: needs: [ java-k8s-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-e2e-test.yml@main secrets: inherit with: aws-region: us-east-1 diff --git a/.github/workflows/eks-add-on-integ-test.yml b/.github/workflows/eks-add-on-integ-test.yml index d16388c77..f959b882b 100644 --- a/.github/workflows/eks-add-on-integ-test.yml +++ b/.github/workflows/eks-add-on-integ-test.yml @@ -83,17 +83,18 @@ jobs: - name: Confirm EKS Version Support run: | - if [[ + if [[ $(go list -m k8s.io/client-go | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/apimachinery | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/component-base | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/kubectl | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) - ]]; then + ]]; then echo k8s.io/client-go $(go list -m k8s.io/client-go) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/apimachinery $(go list -m k8s.io/apimachinery) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/component-base $(go list -m k8s.io/component-base) is less than ${{ matrix.arrays.k8sVersion }} - echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }} - echo "[WARNING] Kubernetes dependencies are lower than the latest Kubernetes cluster version. Please check changelog to ensure no breaking changes: https://kubernetes.io/releases/" + echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }}, fail test + echo "please run go get -u && go mod tidy" + exit 1; fi - name: Verify Terraform version diff --git a/.github/workflows/operator-integration-test.yml b/.github/workflows/operator-integration-test.yml index e19b475f8..463e9d0c3 100644 --- a/.github/workflows/operator-integration-test.yml +++ b/.github/workflows/operator-integration-test.yml @@ -127,27 +127,6 @@ jobs: go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation - - name: Test for default instrumentation resources for nodejs - run: | - kubectl delete pods --all -n default - sleep 5 - cat integration-tests/nodejs/sample-deployment-nodejs.yaml - kubectl apply -f integration-tests/nodejs/sample-deployment-nodejs.yaml - sleep 5 - kubectl wait --for=condition=Available deployment/nginx -n default - kubectl get pods -A - kubectl describe pods -n default - go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json - - - name: Test for defined instrumentation resources for nodejs - run: | - kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml - kubectl delete pods --all -n default - sleep 5 - kubectl wait --for=condition=Available deployment/nginx -n default - sleep 5 - go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json - kubectl delete instrumentation sample-instrumentation - name: Test for default instrumentation resources for all languages run: | @@ -163,8 +142,7 @@ jobs: kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml kubectl delete pods --all -n default sleep 5 - kubectl wait --for=condition=Available deployment/nginx -n default - sleep 5 + kubectl wait --for=condition=Ready pod --all -n default go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation @@ -205,12 +183,11 @@ jobs: - name: Test Annotations run: | + kubectl apply -f integration-tests/manifests/sample-deployment.yaml kubectl get pods -A kubectl describe pods -n default - sleep 10 + sleep 5 go test -v -run TestAllLanguagesDeployment ./integration-tests/manifests/annotations -timeout 30m - kubectl get pods -A - kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -218,8 +195,6 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestNodeJSOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m - sleep 5 go test -v -run TestAnnotationsOnMultipleResources ./integration-tests/manifests/annotations -timeout 30m DaemonsetAnnotationsTest: @@ -258,12 +233,11 @@ jobs: - name: Test Annotations run: | + kubectl apply -f integration-tests/manifests/sample-daemonset.yaml sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesDaemonSet ./integration-tests/manifests/annotations -timeout 30m - kubectl get pods -A - kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -271,8 +245,6 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestNodeJSOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m - sleep 5 go test -v -run TestAutoAnnotationForManualAnnotationRemoval ./integration-tests/manifests/annotations -timeout 30m StatefulsetAnnotationsTest: @@ -311,20 +283,16 @@ jobs: - name: Test Annotations run: | + kubectl apply -f integration-tests/manifests/sample-statefulset.yaml + sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesStatefulSet ./integration-tests/manifests/annotations -timeout 30m - kubectl get pods -A - kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 go test -v -run TestPythonOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestDotNetOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m - sleep 5 - go test -v -run TestNodeJSOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m - sleep 5 go test -v -run TestOnlyNonAnnotatedAppsShouldBeRestarted ./integration-tests/manifests/annotations -timeout 30m @@ -374,6 +342,4 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestNodeJSOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m - sleep 5 - go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m \ No newline at end of file + go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m diff --git a/Dockerfile b/Dockerfile index b84b082f4..d0764f1fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,13 +27,12 @@ ARG AGENT_VERSION ARG AUTO_INSTRUMENTATION_JAVA_VERSION ARG AUTO_INSTRUMENTATION_PYTHON_VERSION ARG AUTO_INSTRUMENTATION_DOTNET_VERSION -ARG AUTO_INSTRUMENTATION_NODEJS_VERSION ARG DCMG_EXPORTER_VERSION ARG NEURON_MONITOR_VERSION ARG TARGET_ALLOCATOR_VERSION # Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION}" -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION} " -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index a1d5d2ebb..5c110c081 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,6 @@ AGENT_VERSION ?= "$(shell grep -v '\#' versions.txt | grep cloudwatch-agent | aw AUTO_INSTRUMENTATION_JAVA_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-java-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-python-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" -AUTO_INSTRUMENTATION_NODEJS_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-nodejs-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" TARGET_ALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" @@ -163,7 +162,7 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg AUTO_INSTRUMENTATION_NODEJS_VERSION=${AUTO_INSTRUMENTATION_NODEJS_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push diff --git a/README.md b/README.md index 706926de2..c7b30c028 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,6 @@ Supported Languages: - Java - Python - .NET -- NodeJS This repo is based off of the [OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator) diff --git a/RELEASE_NOTES b/RELEASE_NOTES index 940371afe..4fd0a5445 100644 --- a/RELEASE_NOTES +++ b/RELEASE_NOTES @@ -1,13 +1,6 @@ -======================================================================== -Amazon CloudWatch Agent Operator v1.7.0 (2024-09-03) -======================================================================== -Enhancements: -* [ApplicationSignals] Support NodeJS auto-instrumentation on Linux platforms - ======================================================================== Amazon CloudWatch Agent Operator v1.6.0 (2024-07-30) ======================================================================== -Enhancements: * [ApplicationSignals] Allow configurable resource requests and limits for auto-instrumentation SDK init containers (#196) ======================================================================== diff --git a/integration-tests/eks/resourceCount_linuxonly_test.go b/integration-tests/eks/resourceCount_linuxonly_test.go index f63ec37eb..89041dffb 100644 --- a/integration-tests/eks/resourceCount_linuxonly_test.go +++ b/integration-tests/eks/resourceCount_linuxonly_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 6 + serviceCountWindows = 3 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 3 + daemonsetCountWindows = 2 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/resourceCount_windowslinux_test.go b/integration-tests/eks/resourceCount_windowslinux_test.go index d7d46a456..e7831d491 100644 --- a/integration-tests/eks/resourceCount_windowslinux_test.go +++ b/integration-tests/eks/resourceCount_windowslinux_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 6 + serviceCountWindows = 3 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 3 + daemonsetCountWindows = 2 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/validateResources_test.go b/integration-tests/eks/validateResources_test.go index 0d79e2e18..90ca15efe 100644 --- a/integration-tests/eks/validateResources_test.go +++ b/integration-tests/eks/validateResources_test.go @@ -26,18 +26,17 @@ import ( ) const ( - nameSpace = "amazon-cloudwatch" - addOnName = "amazon-cloudwatch-observability" - agentName = "cloudwatch-agent" - agentNameWindows = "cloudwatch-agent-windows" - agentNameWindowsContainerInsights = "cloudwatch-agent-windows-container-insights" - operatorName = addOnName + "-controller-manager" - fluentBitName = "fluent-bit" - fluentBitNameWindows = "fluent-bit-windows" - dcgmExporterName = "dcgm-exporter" - neuronMonitor = "neuron-monitor" - podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + agentNameWindowsContainerInsights + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" - serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + agentNameWindowsContainerInsights + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" + nameSpace = "amazon-cloudwatch" + addOnName = "amazon-cloudwatch-observability" + agentName = "cloudwatch-agent" + agentNameWindows = "cloudwatch-agent-windows" + operatorName = addOnName + "-controller-manager" + fluentBitName = "fluent-bit" + fluentBitNameWindows = "fluent-bit-windows" + dcgmExporterName = "dcgm-exporter" + neuronMonitor = "neuron-monitor" + podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" + serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" ) const ( @@ -103,9 +102,6 @@ func TestOperatorOnEKs(t *testing.T) { // - cloudwatch-agent-windows // - cloudwatch-agent-windows-headless // - cloudwatch-agent-windows-monitoring - // - cloudwatch-agent-windows-container-insights - // - cloudwatch-agent-windows-container-insights-headless - // - cloudwatch-agent-windows-container-insights-monitoring // - dcgm-exporter-service // - neuron-monitor-service if match, _ := regexp.MatchString(serviceNameRegex, service.Name); !match { @@ -137,7 +133,6 @@ func TestOperatorOnEKs(t *testing.T) { // matches // - cloudwatch-agent // - cloudwatch-agent-windows - // - cloudwatch-agent-windows-container-insights // - fluent-bit // - fluent-bit-windows // - dcgm-exporter (this can be removed in the future) diff --git a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go index 5aae96ee0..bacbb22c4 100644 --- a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go +++ b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go @@ -42,12 +42,6 @@ func TestAllLanguagesDaemonSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, - NodeJS: auto.AnnotationResources{ - Namespaces: []string{""}, - DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, - Deployments: []string{""}, - StatefulSets: []string{""}, - }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -57,7 +51,7 @@ func TestAllLanguagesDaemonSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -162,27 +156,3 @@ func TestDotNetOnlyDaemonSet(t *testing.T) { } } -func TestNodeJSOnlyDaemonSet(t *testing.T) { - clientSet := setupTest(t) - randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) - if err != nil { - panic(err) - } - randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace - uniqueNamespace := fmt.Sprintf("daemonset-namespace-nodejs-only-%d", randomNumber) - annotationConfig := auto.AnnotationConfig{ - NodeJS: auto.AnnotationResources{ - DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, - }, - } - jsonStr, err := json.Marshal(annotationConfig) - if err != nil { - t.Error("Error:", err) - } - startTime := time.Now() - updateTheOperator(t, clientSet, string(jsonStr)) - - if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { - t.Fatalf("Failed annotation check: %s", err.Error()) - } -} diff --git a/integration-tests/manifests/annotations/validate_annotation_methods.go b/integration-tests/manifests/annotations/validate_annotation_methods.go index b9f8da0e1..4acb6eb5c 100644 --- a/integration-tests/manifests/annotations/validate_annotation_methods.go +++ b/integration-tests/manifests/annotations/validate_annotation_methods.go @@ -35,9 +35,6 @@ const ( injectDotNetAnnotation = "instrumentation.opentelemetry.io/inject-dotnet" autoAnnotateDotNetAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-dotnet" - injectNodeJSAnnotation = "instrumentation.opentelemetry.io/inject-nodejs" - autoAnnotateNodeJSAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-nodejs" - deploymentName = "sample-deployment" nginxDeploymentName = "nginx" statefulSetName = "sample-statefulset" @@ -178,9 +175,8 @@ func checkNameSpaceAnnotations(t *testing.T, clientSet *kubernetes.Clientset, ex fmt.Println("There was an error getting namespace, ", err) return false } - for _, annotation := range expectedAnnotations { - fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", ns.ObjectMeta.Annotations, ns.Status, ns.Name) + fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", annotation, ns.Status, ns.Name) if ns.ObjectMeta.Annotations[annotation] != "true" { time.Sleep(timeBetweenRetries) correct = false @@ -265,25 +261,6 @@ func checkIfAnnotationExists(clientset *kubernetes.Clientset, pods *v1.PodList, } fmt.Println("Annotations not found in all pods or some pods are not in Running phase. Retrying...") - cmd := exec.Command("kubectl", "rollout", "restart", "deployment", amazonControllerManager, "-n", amazonCloudwatchNamespace) - - // Run the command and capture the output - output, err := cmd.CombinedOutput() - if err != nil { - fmt.Printf("Error restarting deployment: %v\n", err) - fmt.Printf("Output: %s\n", output) - } else { - fmt.Printf("Successfully deleted deployment: %s\n", output) - } - waitCmd := exec.Command("kubectl", "wait", "--for=condition=Available", "deployment/"+amazonControllerManager, "-n", amazonCloudwatchNamespace, "--timeout=300s") - - waitOutput, err := waitCmd.CombinedOutput() - if err != nil { - fmt.Printf("Error waiting for deployment: %v\n", err) - fmt.Printf("Output: %s\n", waitOutput) - } else { - fmt.Printf("Deployment is now available: %s\n", waitOutput) - } time.Sleep(timeBetweenRetries) } } diff --git a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go index 27697e61d..8c0a91cea 100644 --- a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go @@ -44,12 +44,6 @@ func TestAllLanguagesDeployment(t *testing.T) { Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, StatefulSets: []string{""}, }, - NodeJS: auto.AnnotationResources{ - Namespaces: []string{""}, - DaemonSets: []string{""}, - Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, - StatefulSets: []string{""}, - }, } jsonStr, err := json.Marshal(annotationConfig) assert.Nil(t, err) @@ -57,7 +51,7 @@ func TestAllLanguagesDeployment(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -173,40 +167,3 @@ func TestDotNetOnlyDeployment(t *testing.T) { } } - -func TestNodeJSOnlyDeployment(t *testing.T) { - - clientSet := setupTest(t) - randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) - if err != nil { - panic(err) - } - randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace - uniqueNamespace := fmt.Sprintf("deployment-namespace-nodejs-only-%d", randomNumber) - - annotationConfig := auto.AnnotationConfig{ - NodeJS: auto.AnnotationResources{ - Namespaces: []string{""}, - DaemonSets: []string{""}, - Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, - StatefulSets: []string{""}, - }, - } - jsonStr, err := json.Marshal(annotationConfig) - if err != nil { - t.Error("Error:", err) - t.Error("Error:", err) - - } - - startTime := time.Now() - updateTheOperator(t, clientSet, string(jsonStr)) - if err != nil { - t.Errorf("Failed to get deployment app: %s", err.Error()) - } - - if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { - t.Fatalf("Failed annotation check: %s", err.Error()) - } - -} diff --git a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go index 57edc1e22..4f8e97316 100644 --- a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go @@ -50,12 +50,6 @@ func TestAllLanguagesNamespace(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, - NodeJS: auto.AnnotationResources{ - Namespaces: []string{uniqueNamespace}, - DaemonSets: []string{""}, - Deployments: []string{""}, - StatefulSets: []string{""}, - }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -64,7 +58,7 @@ func TestAllLanguagesNamespace(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { + if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, uniqueNamespace, startTime) { t.Error("Missing Languages annotations") } } @@ -190,44 +184,6 @@ func TestDotNetOnlyNamespace(t *testing.T) { } } -func TestNodeJSOnlyNamespace(t *testing.T) { - - clientSet := setupTest(t) - randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) - if err != nil { - panic(err) - } - randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace - uniqueNamespace := fmt.Sprintf("namespace-nodejs-only-%d", randomNumber) - if err := createNamespace(clientSet, uniqueNamespace); err != nil { - t.Fatalf("Failed to create/apply resoures on namespace: %v", err) - } - - defer func() { - if err := deleteNamespace(clientSet, uniqueNamespace); err != nil { - t.Fatalf("Failed to delete namespace: %v", err) - } - }() - - annotationConfig := auto.AnnotationConfig{ - NodeJS: auto.AnnotationResources{ - Namespaces: []string{uniqueNamespace}, - }, - } - jsonStr, err := json.Marshal(annotationConfig) - if err != nil { - t.Error("Error:", err) - } - - startTime := time.Now() - - updateTheOperator(t, clientSet, string(jsonStr)) - - if !checkNameSpaceAnnotations(t, clientSet, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { - t.Error("Missing nodejs annotations") - } -} - // Multiple resources on the same namespace should all get annotations func TestAnnotationsOnMultipleResources(t *testing.T) { diff --git a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go index 4f8ccea04..3e25f34e9 100644 --- a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go @@ -42,12 +42,6 @@ func TestAllLanguagesStatefulSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, }, - NodeJS: auto.AnnotationResources{ - Namespaces: []string{""}, - DaemonSets: []string{""}, - Deployments: []string{""}, - StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, - }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -55,7 +49,7 @@ func TestAllLanguagesStatefulSet(t *testing.T) { } startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } @@ -156,36 +150,7 @@ func TestDotNetOnlyStatefulSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { - t.Fatalf("Failed annotation check: %s", err.Error()) - } -} -func TestNodeJSOnlyStatefulSet(t *testing.T) { - - clientSet := setupTest(t) - randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) - if err != nil { - panic(err) - } - randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace - uniqueNamespace := fmt.Sprintf("statefulset-namespace-nodejs-only-%d", randomNumber) - annotationConfig := auto.AnnotationConfig{ - NodeJS: auto.AnnotationResources{ - Namespaces: []string{""}, - DaemonSets: []string{""}, - Deployments: []string{""}, - StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, - }, - } - jsonStr, err := json.Marshal(annotationConfig) - if err != nil { - t.Error("Error:", err) - } - - startTime := time.Now() - updateTheOperator(t, clientSet, string(jsonStr)) - - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } diff --git a/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json b/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json deleted file mode 100644 index a075b8eed..000000000 --- a/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json +++ /dev/null @@ -1,11 +0,0 @@ - -{ -"OTEL_AWS_APPLICATION_SIGNALS_ENABLED": "true", -"OTEL_TRACES_SAMPLER_ARG" : "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000", -"OTEL_TRACES_SAMPLER": "xray", -"OTEL_EXPORTER_OTLP_PROTOCOL": "http/protobuf", -"OTEL_EXPORTER_OTLP_TRACES_ENDPOINT" : "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces", -"OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT": "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics", -"OTEL_METRICS_EXPORTER": "none", -"OTEL_LOGS_EXPORTER": "none" -} \ No newline at end of file diff --git a/integration-tests/nodejs/sample-deployment-nodejs.yaml b/integration-tests/nodejs/sample-deployment-nodejs.yaml deleted file mode 100644 index a5d57aa32..000000000 --- a/integration-tests/nodejs/sample-deployment-nodejs.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - selector: - matchLabels: - app: nginx - template: - metadata: - labels: - app: nginx - annotations: - instrumentation.opentelemetry.io/inject-nodejs: "true" - spec: - containers: - - name: nginx - image: nginx:1.14.2 - restartPolicy: Always -status: {} \ No newline at end of file diff --git a/internal/manifests/collector/ports.go b/internal/manifests/collector/ports.go index 55fed0c2c..eeb80250e 100644 --- a/internal/manifests/collector/ports.go +++ b/internal/manifests/collector/ports.go @@ -21,22 +21,19 @@ import ( ) const ( - StatsD = "statsd" - CollectD = "collectd" - XrayProxy = "aws-proxy" - XrayTraces = "aws-traces" - OtlpGrpc = "otlp-grpc" - OtlpHttp = "otlp-http" - AppSignalsGrpc = "appsig-grpc" - AppSignalsHttp = "appsig-http" - AppSignalsProxy = "appsig-xray" - AppSignalsGrpcSA = ":4315" - AppSignalsHttpSA = ":4316" - AppSignalsProxySA = ":2000" - EMF = "emf" - EMFTcp = "emf-tcp" - EMFUdp = "emf-udp" - CWA = "cwa-" + StatsD = "statsd" + CollectD = "collectd" + XrayProxy = "aws-proxy" + XrayTraces = "aws-traces" + OtlpGrpc = "otlp-grpc" + OtlpHttp = "otlp-http" + AppSignalsGrpc = "appsignals-grpc" + AppSignalsHttp = "appsignals-http" + AppSignalsProxy = "appsignals-xray" + EMF = "emf" + EMFTcp = "emf-tcp" + EMFUdp = "emf-udp" + CWA = "cwa-" ) var receiverDefaultPortsMap = map[string]int32{ @@ -82,6 +79,7 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic config, err := adapters.ConfigStructFromJSONString(cfg) if err != nil { logger.Error(err, "error parsing cw agent config") + servicePorts = PortMapToServicePortList(AppSignalsPortToServicePortMap) } else { servicePorts = getServicePortsFromCWAgentConfig(logger, config) } @@ -117,20 +115,13 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic } func getServicePortsFromCWAgentConfig(logger logr.Logger, config *adapters.CwaConfig) []corev1.ServicePort { - servicePortsMap := make(map[int32][]corev1.ServicePort) - - getApplicationSignalsReceiversServicePorts(logger, config, servicePortsMap) + servicePortsMap := getAppSignalsServicePortsMap() getMetricsReceiversServicePorts(logger, config, servicePortsMap) getLogsReceiversServicePorts(logger, config, servicePortsMap) getTracesReceiversServicePorts(logger, config, servicePortsMap) - return PortMapToServicePortList(servicePortsMap) } -func isAppSignalEnabled(config *adapters.CwaConfig) bool { - return config.GetApplicationSignalsConfig() != nil -} - func getMetricsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { if config.Metrics == nil || config.Metrics.MetricsCollected == nil { return @@ -230,16 +221,6 @@ func getAppSignalsServicePortsMap() map[int32][]corev1.ServicePort { return servicePortMap } -func getApplicationSignalsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { - if !isAppSignalEnabled(config) { - return - } - - getReceiverServicePort(logger, AppSignalsGrpcSA, AppSignalsGrpc, corev1.ProtocolTCP, servicePortsMap) - getReceiverServicePort(logger, AppSignalsHttpSA, AppSignalsHttp, corev1.ProtocolTCP, servicePortsMap) - getReceiverServicePort(logger, AppSignalsProxySA, AppSignalsProxy, corev1.ProtocolTCP, servicePortsMap) -} - func portFromEndpoint(endpoint string) (int32, error) { var err error var port int64 diff --git a/internal/manifests/collector/ports_test.go b/internal/manifests/collector/ports_test.go index bade37cb7..830d5ee58 100644 --- a/internal/manifests/collector/ports_test.go +++ b/internal/manifests/collector/ports_test.go @@ -16,7 +16,13 @@ import ( func TestStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 1, len(containerPorts)) + assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -25,7 +31,13 @@ func TestStatsDGetContainerPorts(t *testing.T) { func TestDefaultStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 1, len(containerPorts)) + assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8125), containerPorts[StatsD].ContainerPort) assert.Equal(t, StatsD, containerPorts[StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[StatsD].Protocol) @@ -34,7 +46,13 @@ func TestDefaultStatsDGetContainerPorts(t *testing.T) { func TestCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 1, len(containerPorts)) + assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(25936), containerPorts[CWA+CollectD].ContainerPort) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+CollectD].Protocol) } @@ -42,28 +60,28 @@ func TestCollectDGetContainerPorts(t *testing.T) { func TestDefaultCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 1, len(containerPorts)) + assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(25826), containerPorts[CollectD].ContainerPort) assert.Equal(t, CollectD, containerPorts[CollectD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CollectD].Protocol) } -func TestApplicationSignals(t *testing.T) { - cfg := getJSONStringFromFile("./test-resources/application_signals.json") - containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) - assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) - assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) - assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) -} - func TestEMFGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/emfAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 2, len(containerPorts)) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(25888), containerPorts[EMFTcp].ContainerPort) assert.Equal(t, EMFTcp, containerPorts[EMFTcp].Name) assert.Equal(t, int32(25888), containerPorts[EMFUdp].ContainerPort) @@ -74,9 +92,13 @@ func TestEMFGetContainerPorts(t *testing.T) { func TestXrayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(2000), containerPorts[CWA+XrayTraces].ContainerPort) - assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(4327), containerPorts[CWA+OtlpGrpc].ContainerPort) assert.Equal(t, CWA+OtlpGrpc, containerPorts[CWA+OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+OtlpGrpc].Protocol) @@ -88,9 +110,13 @@ func TestXrayAndOTLPGetContainerPorts(t *testing.T) { func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(2000), containerPorts[XrayTraces].ContainerPort) - assert.Equal(t, XrayTraces, containerPorts[XrayTraces].Name) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(4317), containerPorts[OtlpGrpc].ContainerPort) assert.Equal(t, OtlpGrpc, containerPorts[OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[OtlpGrpc].Protocol) @@ -102,7 +128,13 @@ func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { func TestXRayGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 2, len(containerPorts)) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -115,9 +147,13 @@ func TestXRayWithBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2800", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 2, len(containerPorts)) - assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) - assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(2900), containerPorts[CWA+XrayProxy].ContainerPort) assert.Equal(t, CWA+XrayProxy, containerPorts[CWA+XrayProxy].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+XrayProxy].Protocol) @@ -127,7 +163,13 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 2, len(containerPorts)) + assert.Equal(t, 5, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -136,7 +178,13 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { func TestNilMetricsGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 0, len(containerPorts)) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) } func TestMultipleReceiversGetContainerPorts(t *testing.T) { @@ -144,12 +192,12 @@ func TestMultipleReceiversGetContainerPorts(t *testing.T) { strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) assert.Equal(t, 11, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) - assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) - assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) - assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -186,9 +234,11 @@ func TestSpecPortsOverrideGetContainerPorts(t *testing.T) { }, } containerPorts := getContainerPorts(logger, cfg, specPorts) - assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, 4, len(containerPorts)) assert.Equal(t, int32(12345), containerPorts[AppSignalsGrpc].ContainerPort) assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) assert.Equal(t, int32(12346), containerPorts[AppSignalsProxy].ContainerPort) assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) @@ -200,8 +250,13 @@ func TestInvalidConfigGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") cfg = cfg + "," containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 0, len(containerPorts)) - + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) + assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) + assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) + assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) } func getJSONStringFromFile(path string) string { diff --git a/internal/manifests/collector/test-resources/application_signals.json b/internal/manifests/collector/test-resources/application_signals.json deleted file mode 100644 index 48decd3c4..000000000 --- a/internal/manifests/collector/test-resources/application_signals.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "logs": { - "metrics_collected": { - "application_signals": {} - } - } -} diff --git a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json index 59b7584a1..74095a9ec 100644 --- a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json +++ b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json @@ -16,8 +16,7 @@ }, "logs": { "metrics_collected": { - "emf": {}, - "application_signals": {} + "emf": {} } }, "traces": { diff --git a/main.go b/main.go index 0b033475a..9c6bd260b 100644 --- a/main.go +++ b/main.go @@ -49,7 +49,6 @@ const ( autoInstrumentationJavaImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-java" autoInstrumentationPythonImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-python" autoInstrumentationDotNetImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet" - autoInstrumentationNodeJSImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs" dcgmExporterImageRepository = "nvcr.io/nvidia/k8s/dcgm-exporter" neuronMonitorImageRepository = "public.ecr.aws/neuron" targetAllocatorImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/target-allocator" @@ -120,7 +119,6 @@ func main() { autoInstrumentationJava string autoInstrumentationPython string autoInstrumentationDotNet string - autoInstrumentationNodeJS string autoAnnotationConfigStr string autoInstrumentationConfigStr string webhookPort int @@ -137,7 +135,6 @@ func main() { stringFlagOrEnv(&autoInstrumentationJava, "auto-instrumentation-java-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_JAVA", fmt.Sprintf("%s:%s", autoInstrumentationJavaImageRepository, v.AutoInstrumentationJava), "The default OpenTelemetry Java instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationPython, "auto-instrumentation-python-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_PYTHON", fmt.Sprintf("%s:%s", autoInstrumentationPythonImageRepository, v.AutoInstrumentationPython), "The default OpenTelemetry Python instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationDotNet, "auto-instrumentation-dotnet-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_DOTNET", fmt.Sprintf("%s:%s", autoInstrumentationDotNetImageRepository, v.AutoInstrumentationDotNet), "The default OpenTelemetry Dotnet instrumentation image. This image is used when no image is specified in the CustomResource.") - stringFlagOrEnv(&autoInstrumentationNodeJS, "auto-instrumentation-nodejs-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_NODEJS", fmt.Sprintf("%s:%s", autoInstrumentationNodeJSImageRepository, v.AutoInstrumentationNodeJS), "The default OpenTelemetry NodeJS instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoAnnotationConfigStr, "auto-annotation-config", "AUTO_ANNOTATION_CONFIG", "", "The configuration for auto-annotation.") pflag.StringVar(&autoInstrumentationConfigStr, "auto-instrumentation-config", "", "The configuration for auto-instrumentation.") stringFlagOrEnv(&dcgmExporterImage, "dcgm-exporter-image", "RELATED_IMAGE_DCGM_EXPORTER", fmt.Sprintf("%s:%s", dcgmExporterImageRepository, v.DcgmExporter), "The default DCGM Exporter image. This image is used when no image is specified in the CustomResource.") @@ -146,7 +143,7 @@ func main() { pflag.Parse() // set instrumentation cpu and memory limits in environment variables to be used for default instrumentation; default values received from https://github.com/open-telemetry/opentelemetry-operator/blob/main/apis/v1alpha1/instrumentation_webhook.go - autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}, "nodejs": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} + autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} err := json.Unmarshal([]byte(autoInstrumentationConfigStr), &autoInstrumentationConfig) if err != nil { setupLog.Info(fmt.Sprintf("Using default values: %v", autoInstrumentationConfig)) @@ -160,15 +157,11 @@ func main() { if dotNetVar, ok := autoInstrumentationConfig["dotnet"]; ok { setLangEnvVars("DOTNET", dotNetVar) } - if nodeJSVar, ok := autoInstrumentationConfig["nodejs"]; ok { - setLangEnvVars("NODEJS", nodeJSVar) - } // set supported language instrumentation images in environment variable to be used for default instrumentation os.Setenv("AUTO_INSTRUMENTATION_JAVA", autoInstrumentationJava) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", autoInstrumentationPython) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", autoInstrumentationDotNet) - os.Setenv("AUTO_INSTRUMENTATION_NODEJS", autoInstrumentationNodeJS) logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) @@ -179,7 +172,6 @@ func main() { "auto-instrumentation-java", autoInstrumentationJava, "auto-instrumentation-python", autoInstrumentationPython, "auto-instrumentation-dotnet", autoInstrumentationDotNet, - "auto-instrumentation-nodejs", autoInstrumentationNodeJS, "dcgm-exporter", dcgmExporterImage, "neuron-monitor", neuronMonitorImage, "amazon-cloudwatch-agent-target-allocator", targetAllocatorImage, @@ -196,7 +188,6 @@ func main() { config.WithAutoInstrumentationJavaImage(autoInstrumentationJava), config.WithAutoInstrumentationPythonImage(autoInstrumentationPython), config.WithAutoInstrumentationDotNetImage(autoInstrumentationDotNet), - config.WithAutoInstrumentationNodeJSImage(autoInstrumentationNodeJS), config.WithDcgmExporterImage(dcgmExporterImage), config.WithNeuronMonitorImage(neuronMonitorImage), config.WithTargetAllocatorImage(targetAllocatorImage), @@ -295,7 +286,6 @@ func main() { instrumentation.TypeJava, instrumentation.TypePython, instrumentation.TypeDotNet, - instrumentation.TypeNodeJS, ), ) mgr.GetWebhookServer().Register("/mutate-v1-workload", &webhook.Admission{ diff --git a/pkg/instrumentation/auto/config.go b/pkg/instrumentation/auto/config.go index 12b5e9e6d..30ade1eef 100644 --- a/pkg/instrumentation/auto/config.go +++ b/pkg/instrumentation/auto/config.go @@ -11,7 +11,6 @@ type AnnotationConfig struct { Java AnnotationResources `json:"java"` Python AnnotationResources `json:"python"` DotNet AnnotationResources `json:"dotnet"` - NodeJS AnnotationResources `json:"nodejs"` } func (c AnnotationConfig) getResources(instType instrumentation.Type) AnnotationResources { @@ -22,8 +21,6 @@ func (c AnnotationConfig) getResources(instType instrumentation.Type) Annotation return c.Python case instrumentation.TypeDotNet: return c.DotNet - case instrumentation.TypeNodeJS: - return c.NodeJS default: return AnnotationResources{} } diff --git a/pkg/instrumentation/auto/config_test.go b/pkg/instrumentation/auto/config_test.go index de563df67..1300ad9dc 100644 --- a/pkg/instrumentation/auto/config_test.go +++ b/pkg/instrumentation/auto/config_test.go @@ -31,14 +31,7 @@ func TestConfig(t *testing.T) { DaemonSets: []string{"ds3"}, StatefulSets: []string{"ss3"}, }, - NodeJS: AnnotationResources{ - Namespaces: []string{"n3"}, - Deployments: []string{"d3"}, - DaemonSets: []string{"ds3"}, - StatefulSets: []string{"ss3"}, - }, } - assert.Equal(t, cfg.Java, cfg.getResources(instrumentation.TypeJava)) assert.Equal(t, []string{"n1"}, getNamespaces(cfg.Java)) assert.Equal(t, []string{"d1"}, getDeployments(cfg.Java)) @@ -49,7 +42,4 @@ func TestConfig(t *testing.T) { assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.DotNet)) assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.DotNet)) assert.Equal(t, AnnotationResources{}, cfg.getResources("invalidType")) - assert.Equal(t, cfg.NodeJS, cfg.getResources(instrumentation.TypeNodeJS)) - assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.NodeJS)) - assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.NodeJS)) } diff --git a/pkg/instrumentation/defaultinstrumentation.go b/pkg/instrumentation/defaultinstrumentation.go index a16857280..e9946148c 100644 --- a/pkg/instrumentation/defaultinstrumentation.go +++ b/pkg/instrumentation/defaultinstrumentation.go @@ -18,10 +18,10 @@ import ( ) const ( - defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" - defaultInstrumentation = "java-instrumentation" - defaultNamespace = "default" - defaultKind = "Instrumentation" + defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" + defaultInstrumenation = "java-instrumentation" + defaultNamespace = "default" + defaultKind = "Instrumentation" http = "http" https = "https" @@ -29,7 +29,6 @@ const ( java = "JAVA" python = "PYTHON" dotNet = "DOTNET" - nodeJS = "NODEJS" limit = "LIMIT" request = "REQUEST" ) @@ -63,10 +62,6 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo if !ok { return nil, errors.New("unable to determine dotnet instrumentation image") } - nodeJSInstrumentationImage, ok := os.LookupEnv("AUTO_INSTRUMENTATION_NODEJS") - if !ok { - return nil, errors.New("unable to determine nodejs instrumentation image") - } cloudwatchAgentServiceEndpoint := "cloudwatch-agent.amazon-cloudwatch" if isWindowsPod { @@ -91,7 +86,7 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumentation, + Name: defaultInstrumenation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -162,23 +157,6 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Requests: getInstrumentationConfigForResource(dotNet, request), }, }, - NodeJS: v1alpha1.NodeJS{ - Image: nodeJSInstrumentationImage, - Env: []corev1.EnvVar{ - {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, - {Name: "OTEL_TRACES_SAMPLER_ARG", Value: fmt.Sprintf("endpoint=%s://%s:2000", exporterPrefix, cloudwatchAgentServiceEndpoint)}, - {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, - {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, - {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/traces", exporterPrefix, cloudwatchAgentServiceEndpoint)}, - {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/metrics", exporterPrefix, cloudwatchAgentServiceEndpoint)}, - {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, - {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, - }, - Resources: corev1.ResourceRequirements{ - Limits: getInstrumentationConfigForResource(nodeJS, limit), - Requests: getInstrumentationConfigForResource(nodeJS, request), - }, - }, }, }, nil } diff --git a/pkg/instrumentation/defaultinstrumentation_test.go b/pkg/instrumentation/defaultinstrumentation_test.go index bb1d920ff..ebe5c3f3c 100644 --- a/pkg/instrumentation/defaultinstrumentation_test.go +++ b/pkg/instrumentation/defaultinstrumentation_test.go @@ -21,7 +21,6 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) - os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -34,10 +33,6 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -46,7 +41,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumentation, + Name: defaultInstrumenation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -135,29 +130,6 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, - NodeJS: v1alpha1.NodeJS{ - Image: defaultNodeJSInstrumentationImage, - Env: []corev1.EnvVar{ - {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, - {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000"}, - {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, - {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, - {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, - {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, - {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, - {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, - }, - Resources: corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("500m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("50m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - }, - }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -167,7 +139,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumentation, + Name: defaultInstrumenation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -256,29 +228,6 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, - NodeJS: v1alpha1.NodeJS{ - Image: defaultNodeJSInstrumentationImage, - Env: []corev1.EnvVar{ - {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, - {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent.amazon-cloudwatch:2000"}, - {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, - {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, - {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, - {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, - {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, - {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, - }, - Resources: corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("500m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("50m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - }, - }, }, } @@ -337,14 +286,12 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { } }) } - } func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) - os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -357,10 +304,6 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") - os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -369,7 +312,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumentation, + Name: defaultInstrumenation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -458,29 +401,6 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, - NodeJS: v1alpha1.NodeJS{ - Image: defaultNodeJSInstrumentationImage, - Env: []corev1.EnvVar{ - {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, - {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, - {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, - {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, - {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, - {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, - {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, - {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, - }, - Resources: corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("500m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("50m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - }, - }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -490,7 +410,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumentation, + Name: defaultInstrumenation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -579,29 +499,6 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, - NodeJS: v1alpha1.NodeJS{ - Image: defaultNodeJSInstrumentationImage, - Env: []corev1.EnvVar{ - {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, - {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, - {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, - {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, - {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, - {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, - {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, - {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, - }, - Resources: corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("500m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("50m"), - corev1.ResourceMemory: resource.MustParse("128Mi"), - }, - }, - }, }, } diff --git a/pkg/instrumentation/podmutator_test.go b/pkg/instrumentation/podmutator_test.go index cbf66bc2f..f00c78540 100644 --- a/pkg/instrumentation/podmutator_test.go +++ b/pkg/instrumentation/podmutator_test.go @@ -27,11 +27,11 @@ const ( defaultJavaInstrumentationImage = "test.registry/adot-autoinstrumentation-java:test-tag" defaultPythonInstrumentationImage = "test.registry/adot-autoinstrumentation-python:test-tag" defaultDotNetInstrumentationImage = "test.registry/adot-autoinstrumentation-dotnet:test-tag" - defaultNodeJSInstrumentationImage = "test.registry/adot-autoinstrumentation-nodejs:test-tag" ) func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { defaultInst, _ := getDefaultInstrumentation(&adapters.CwaConfig{}, false) + namespace := corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: "default-namespace", @@ -49,6 +49,7 @@ func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { assert.Nil(t, err) assert.Equal(t, defaultInst, instrumentation) + } func TestMutatePod(t *testing.T) { diff --git a/versions.txt b/versions.txt index a4378289a..0133818fc 100644 --- a/versions.txt +++ b/versions.txt @@ -1,15 +1,15 @@ # Represents the latest stable release of the CloudWatch Agent -cloudwatch-agent=1.300045.0b810 +cloudwatch-agent=1.300041.0b681 # Represents the current release of the CloudWatch Agent Operator. -operator=1.7.0 +operator=1.4.1 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 +# This needs to be updated with the latest release of ADOT SDK aws-otel-dotnet-instrumentation=1.6.0 -aws-otel-nodejs-instrumentation=0.52.1 -dcgm-exporter=3.3.7-3.5.0-ubuntu22.04 -neuron-monitor=1.0.1 +dcgm-exporter=3.3.3-3.3.1-ubuntu22.04 +neuron-monitor=1.0.0 target-allocator=0.90.0 \ No newline at end of file From f4783e27c8e23fa0336ae69a6fe0eac2114a5ba8 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 12:26:29 -0400 Subject: [PATCH 77/99] Revert "Merge branch 'target-allocator' into target-allocator-v0.90.0" This reverts commit 646940a65ce1eff54739156c01b146e88439dc66, reversing changes made to d1246887643f37121e5ffc4586c88810a7696058. --- versions.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/versions.txt b/versions.txt index 0133818fc..4c7c50deb 100644 --- a/versions.txt +++ b/versions.txt @@ -4,6 +4,9 @@ cloudwatch-agent=1.300041.0b681 # Represents the current release of the CloudWatch Agent Operator. operator=1.4.1 +# Represents the current release of the Target Allocator. +target-allocator=0.90.0 + # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 From 923cb42f92bae6bc7e04207e8a92d133cba90399 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 12:27:04 -0400 Subject: [PATCH 78/99] Revert "Merge branch 'aws:main' into target-allocator-v0.90.0" This reverts commit d1246887643f37121e5ffc4586c88810a7696058, reversing changes made to 8134bde536ae9f62791c8ed01819e2a75d844c5c. --- integration-tests/generator/k8s_versions_matrix.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/integration-tests/generator/k8s_versions_matrix.json b/integration-tests/generator/k8s_versions_matrix.json index 2264c0e96..7c184be6b 100644 --- a/integration-tests/generator/k8s_versions_matrix.json +++ b/integration-tests/generator/k8s_versions_matrix.json @@ -22,8 +22,5 @@ }, { "k8sVersion": "1.30" - }, - { - "k8sVersion": "1.31" } ] \ No newline at end of file From 32e6e72d065ebb9f1980f03340e477a93c911ed8 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 12:30:19 -0400 Subject: [PATCH 79/99] Revert "Merge branch 'target-allocator' into target-allocator-v0.90.0" This reverts commit 8134bde536ae9f62791c8ed01819e2a75d844c5c, reversing changes made to d84410bcf3e2f0c6a5e9bce3bba26dc3cdf949f2. --- Makefile | 20 - .../Dockerfile | 19 - .../allocation/allocator.go | 60 -- .../allocation/consistent_hashing.go | 284 -------- .../allocation/consistent_hashing_test.go | 136 ---- .../allocation/strategy.go | 118 ---- .../allocation/strategy_test.go | 125 ---- .../collector/collector.go | 132 ---- .../collector/collector_test.go | 210 ------ .../config/config.go | 170 ----- .../config/config_test.go | 212 ------ .../config/flags.go | 59 -- .../config/flags_test.go | 86 --- .../config/testdata/config_test.yaml | 17 - .../config/testdata/file_sd_test.json | 18 - .../config/testdata/no_config.yaml | 0 .../testdata/pod_service_selector_test.yaml | 14 - .../diff/diff.go | 52 -- .../diff/diff_test.go | 97 --- .../main.go | 230 ------- .../prehook/prehook.go | 53 -- .../prehook/relabel.go | 99 --- .../prehook/relabel_test.go | 259 -------- .../server/bench_test.go | 259 -------- .../server/mocks_test.go | 27 - .../server/server.go | 229 ------- .../server/server_test.go | 606 ------------------ .../target/discovery.go | 145 ----- .../target/discovery_test.go | 402 ------------ .../target/target.go | 44 -- .../target/testdata/test.yaml | 17 - .../target/testdata/test_update.yaml | 14 - .../watcher/file.go | 79 --- .../watcher/promOperator.go | 359 ----------- .../watcher/promOperator_test.go | 416 ------------ .../watcher/watcher.go | 40 -- go.mod | 81 +-- go.sum | 255 +------- 38 files changed, 48 insertions(+), 5395 deletions(-) delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/config.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/main.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/server.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/target.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go delete mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go diff --git a/Makefile b/Makefile index 5c110c081..2523acd77 100644 --- a/Makefile +++ b/Makefile @@ -16,9 +16,6 @@ IMG_REPO ?= cloudwatch-agent-operator IMG ?= ${IMG_PREFIX}/${IMG_REPO}:${VERSION} ARCH ?= $(shell go env GOARCH) -TARGET_ALLOCATOR_IMG_REPO ?= target-allocator -TARGET_ALLOCATOR_IMG ?= ${IMG_PREFIX}/${TARGET_ALLOCATOR_IMG_REPO}:${TARGET_ALLOCATOR_VERSION} - # Options for 'bundle-build' ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) @@ -99,10 +96,6 @@ test: generate fmt vet envtest .PHONY: manager manager: generate fmt vet go build -o bin/manager main.go -# Build target allocator binary -.PHONY: targetallocator -targetallocator: - cd cmd/amazon-cloudwatch-agent-target-allocator && CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -installsuffix cgo -o bin/targetallocator_${ARCH} -ldflags "${LDFLAGS}" . # Run against the configured Kubernetes cluster in ~/.kube/config .PHONY: run @@ -169,19 +162,6 @@ container: container-push: docker push ${IMG} -.PHONY: container-target-allocator-push -container-target-allocator-push: - docker push ${TARGET_ALLOCATOR_IMG} - -.PHONY: container-target-allocator -container-target-allocator: GOOS = linux -container-target-allocator: targetallocator - docker buildx build --load --platform linux/${ARCH} -t ${TARGET_ALLOCATOR_IMG} cmd/amazon-cloudwatch-agent-target-allocator - -.PHONY: ta-build-and-push -ta-build-and-push: container-target-allocator -ta-build-and-push: container-target-allocator-push - .PHONY: kustomize kustomize: ## Download kustomize locally if necessary. $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile b/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile deleted file mode 100644 index 1a2b9b7a2..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -# Get CA certificates from the Alpine package repo -FROM alpine:3.18 as certificates - -RUN apk --no-cache add ca-certificates - -# Start a new stage from scratch -FROM scratch - -ARG TARGETARCH - -WORKDIR /root/ - -# Copy the certs -COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt - -# Copy binary built on the host -COPY bin/targetallocator_${TARGETARCH} ./main - -ENTRYPOINT ["./main"] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go deleted file mode 100644 index ad55f7e4e..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go +++ /dev/null @@ -1,60 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package allocation - -import ( - "fmt" - "strconv" - - "github.com/prometheus/common/model" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -func colIndex(index, numCols int) int { - if numCols == 0 { - return -1 - } - return index % numCols -} - -func MakeNNewTargets(n int, numCollectors int, startingIndex int) map[string]*target.Item { - toReturn := map[string]*target.Item{} - for i := startingIndex; i < n+startingIndex; i++ { - collector := fmt.Sprintf("collector-%d", colIndex(i, numCollectors)) - label := model.LabelSet{ - "collector": model.LabelValue(collector), - "i": model.LabelValue(strconv.Itoa(i)), - "total": model.LabelValue(strconv.Itoa(n + startingIndex)), - } - newTarget := target.NewItem(fmt.Sprintf("test-job-%d", i), fmt.Sprintf("test-url-%d", i), label, collector) - toReturn[newTarget.Hash()] = newTarget - } - return toReturn -} - -func MakeNCollectors(n int, startingIndex int) map[string]*Collector { - toReturn := map[string]*Collector{} - for i := startingIndex; i < n+startingIndex; i++ { - collector := fmt.Sprintf("collector-%d", i) - toReturn[collector] = &Collector{ - Name: collector, - NumTargets: 0, - } - } - return toReturn -} - -func MakeNNewTargetsWithEmptyCollectors(n int, startingIndex int) map[string]*target.Item { - toReturn := map[string]*target.Item{} - for i := startingIndex; i < n+startingIndex; i++ { - label := model.LabelSet{ - "i": model.LabelValue(strconv.Itoa(i)), - "total": model.LabelValue(strconv.Itoa(n + startingIndex)), - } - newTarget := target.NewItem(fmt.Sprintf("test-job-%d", i), fmt.Sprintf("test-url-%d", i), label, "") - toReturn[newTarget.Hash()] = newTarget - } - return toReturn -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go deleted file mode 100644 index 4bff39eee..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go +++ /dev/null @@ -1,284 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package allocation - -import ( - "strings" - "sync" - - "github.com/buraksezer/consistent" - "github.com/cespare/xxhash/v2" - "github.com/go-logr/logr" - "github.com/prometheus/client_golang/prometheus" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/diff" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -var _ Allocator = &consistentHashingAllocator{} - -const consistentHashingStrategyName = "consistent-hashing" - -type hasher struct{} - -func (h hasher) Sum64(data []byte) uint64 { - return xxhash.Sum64(data) -} - -type consistentHashingAllocator struct { - // m protects consistentHasher, collectors and targetItems for concurrent use. - m sync.RWMutex - - consistentHasher *consistent.Consistent - - // collectors is a map from a Collector's name to a Collector instance - // collectorKey -> collector pointer - collectors map[string]*Collector - - // targetItems is a map from a target item's hash to the target items allocated state - // targetItem hash -> target item pointer - targetItems map[string]*target.Item - - // collectorKey -> job -> target item hash -> true - targetItemsPerJobPerCollector map[string]map[string]map[string]bool - - log logr.Logger - - filter Filter -} - -func newConsistentHashingAllocator(log logr.Logger, opts ...AllocationOption) Allocator { - config := consistent.Config{ - PartitionCount: 1061, - ReplicationFactor: 5, - Load: 1.1, - Hasher: hasher{}, - } - consistentHasher := consistent.New(nil, config) - chAllocator := &consistentHashingAllocator{ - consistentHasher: consistentHasher, - collectors: make(map[string]*Collector), - targetItems: make(map[string]*target.Item), - targetItemsPerJobPerCollector: make(map[string]map[string]map[string]bool), - log: log, - } - for _, opt := range opts { - opt(chAllocator) - } - - return chAllocator -} - -// SetFilter sets the filtering hook to use. -func (c *consistentHashingAllocator) SetFilter(filter Filter) { - c.filter = filter -} - -// addCollectorTargetItemMapping keeps track of which collector has which jobs and targets -// this allows the allocator to respond without any extra allocations to http calls. The caller of this method -// has to acquire a lock. -func (c *consistentHashingAllocator) addCollectorTargetItemMapping(tg *target.Item) { - if c.targetItemsPerJobPerCollector[tg.CollectorName] == nil { - c.targetItemsPerJobPerCollector[tg.CollectorName] = make(map[string]map[string]bool) - } - if c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName] == nil { - c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName] = make(map[string]bool) - } - c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName][tg.Hash()] = true -} - -// addTargetToTargetItems assigns a target to the collector based on its hash and adds it to the allocator's targetItems -// This method is called from within SetTargets and SetCollectors, which acquire the needed lock. -// This is only called after the collectors are cleared or when a new target has been found in the tempTargetMap. -// INVARIANT: c.collectors must have at least 1 collector set. -// NOTE: by not creating a new target item, there is the potential for a race condition where we modify this target -// item while it's being encoded by the server JSON handler. -func (c *consistentHashingAllocator) addTargetToTargetItems(tg *target.Item) { - // Check if this is a reassignment, if so, decrement the previous collector's NumTargets - if previousColName, ok := c.collectors[tg.CollectorName]; ok { - previousColName.NumTargets-- - delete(c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName], tg.Hash()) - TargetsPerCollector.WithLabelValues(previousColName.String(), consistentHashingStrategyName).Set(float64(c.collectors[previousColName.String()].NumTargets)) - } - colOwner := c.consistentHasher.LocateKey([]byte(strings.Join(tg.TargetURL, ""))) - tg.CollectorName = colOwner.String() - c.targetItems[tg.Hash()] = tg - c.addCollectorTargetItemMapping(tg) - c.collectors[colOwner.String()].NumTargets++ - TargetsPerCollector.WithLabelValues(colOwner.String(), consistentHashingStrategyName).Set(float64(c.collectors[colOwner.String()].NumTargets)) -} - -// handleTargets receives the new and removed targets and reconciles the current state. -// Any removals are removed from the allocator's targetItems and unassigned from the corresponding collector. -// Any net-new additions are assigned to the next available collector. -func (c *consistentHashingAllocator) handleTargets(diff diff.Changes[*target.Item]) { - // Check for removals - for k, item := range c.targetItems { - // if the current item is in the removals list - if _, ok := diff.Removals()[k]; ok { - col := c.collectors[item.CollectorName] - col.NumTargets-- - delete(c.targetItems, k) - delete(c.targetItemsPerJobPerCollector[item.CollectorName][item.JobName], item.Hash()) - TargetsPerCollector.WithLabelValues(item.CollectorName, consistentHashingStrategyName).Set(float64(col.NumTargets)) - } - } - - // Check for additions - for k, item := range diff.Additions() { - // Do nothing if the item is already there - if _, ok := c.targetItems[k]; ok { - continue - } else { - // Add item to item pool and assign a collector - c.addTargetToTargetItems(item) - } - } -} - -// handleCollectors receives the new and removed collectors and reconciles the current state. -// Any removals are removed from the allocator's collectors. New collectors are added to the allocator's collector map. -// Finally, update all targets' collectors to match the consistent hashing. -func (c *consistentHashingAllocator) handleCollectors(diff diff.Changes[*Collector]) { - // Clear removed collectors - for _, k := range diff.Removals() { - delete(c.collectors, k.Name) - delete(c.targetItemsPerJobPerCollector, k.Name) - c.consistentHasher.Remove(k.Name) - TargetsPerCollector.WithLabelValues(k.Name, consistentHashingStrategyName).Set(0) - } - // Insert the new collectors - for _, i := range diff.Additions() { - c.collectors[i.Name] = NewCollector(i.Name) - c.consistentHasher.Add(c.collectors[i.Name]) - } - - // Re-Allocate all targets - for _, item := range c.targetItems { - c.addTargetToTargetItems(item) - } -} - -// SetTargets accepts a list of targets that will be used to make -// load balancing decisions. This method should be called when there are -// new targets discovered or existing targets are shutdown. -func (c *consistentHashingAllocator) SetTargets(targets map[string]*target.Item) { - timer := prometheus.NewTimer(TimeToAssign.WithLabelValues("SetTargets", consistentHashingStrategyName)) - defer timer.ObserveDuration() - - if c.filter != nil { - targets = c.filter.Apply(targets) - } - RecordTargetsKept(targets) - - c.m.Lock() - defer c.m.Unlock() - - if len(c.collectors) == 0 { - c.log.Info("No collector instances present, saving targets to allocate to collector(s)") - // If there were no targets discovered previously, assign this as the new set of target items - if len(c.targetItems) == 0 { - c.log.Info("Not discovered any targets previously, saving targets found to the targetItems set") - for k, item := range targets { - c.targetItems[k] = item - } - } else { - // If there were previously discovered targets, add or remove accordingly - targetsDiffEmptyCollectorSet := diff.Maps(c.targetItems, targets) - - // Check for additions - if len(targetsDiffEmptyCollectorSet.Additions()) > 0 { - c.log.Info("New targets discovered, adding new targets to the targetItems set") - for k, item := range targetsDiffEmptyCollectorSet.Additions() { - // Do nothing if the item is already there - if _, ok := c.targetItems[k]; ok { - continue - } else { - // Add item to item pool - c.targetItems[k] = item - } - } - } - - // Check for deletions - if len(targetsDiffEmptyCollectorSet.Removals()) > 0 { - c.log.Info("Targets removed, Removing targets from the targetItems set") - for k := range targetsDiffEmptyCollectorSet.Removals() { - // Delete item from target items - delete(c.targetItems, k) - } - } - } - return - } - // Check for target changes - targetsDiff := diff.Maps(c.targetItems, targets) - // If there are any additions or removals - if len(targetsDiff.Additions()) != 0 || len(targetsDiff.Removals()) != 0 { - c.handleTargets(targetsDiff) - } -} - -// SetCollectors sets the set of collectors with key=collectorName, value=Collector object. -// This method is called when Collectors are added or removed. -func (c *consistentHashingAllocator) SetCollectors(collectors map[string]*Collector) { - timer := prometheus.NewTimer(TimeToAssign.WithLabelValues("SetCollectors", consistentHashingStrategyName)) - defer timer.ObserveDuration() - - CollectorsAllocatable.WithLabelValues(consistentHashingStrategyName).Set(float64(len(collectors))) - if len(collectors) == 0 { - c.log.Info("No collector instances present") - return - } - - c.m.Lock() - defer c.m.Unlock() - - // Check for collector changes - collectorsDiff := diff.Maps(c.collectors, collectors) - if len(collectorsDiff.Additions()) != 0 || len(collectorsDiff.Removals()) != 0 { - c.handleCollectors(collectorsDiff) - } - c.log.Info("Setting collector completed") -} - -func (c *consistentHashingAllocator) GetTargetsForCollectorAndJob(collector string, job string) []*target.Item { - c.m.RLock() - defer c.m.RUnlock() - if _, ok := c.targetItemsPerJobPerCollector[collector]; !ok { - return []*target.Item{} - } - if _, ok := c.targetItemsPerJobPerCollector[collector][job]; !ok { - return []*target.Item{} - } - targetItemsCopy := make([]*target.Item, len(c.targetItemsPerJobPerCollector[collector][job])) - index := 0 - for targetHash := range c.targetItemsPerJobPerCollector[collector][job] { - targetItemsCopy[index] = c.targetItems[targetHash] - index++ - } - return targetItemsCopy -} - -// TargetItems returns a shallow copy of the targetItems map. -func (c *consistentHashingAllocator) TargetItems() map[string]*target.Item { - c.m.RLock() - defer c.m.RUnlock() - targetItemsCopy := make(map[string]*target.Item) - for k, v := range c.targetItems { - targetItemsCopy[k] = v - } - return targetItemsCopy -} - -// Collectors returns a shallow copy of the collectors map. -func (c *consistentHashingAllocator) Collectors() map[string]*Collector { - c.m.RLock() - defer c.m.RUnlock() - collectorsCopy := make(map[string]*Collector) - for k, v := range c.collectors { - collectorsCopy[k] = v - } - return collectorsCopy -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go deleted file mode 100644 index 8070c0ed2..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go +++ /dev/null @@ -1,136 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package allocation - -import ( - "testing" - - "github.com/stretchr/testify/assert" - logf "sigs.k8s.io/controller-runtime/pkg/log" -) - -var logger = logf.Log.WithName("unit-tests") - -func TestCanSetSingleTarget(t *testing.T) { - cols := MakeNCollectors(3, 0) - c := newConsistentHashingAllocator(logger) - c.SetCollectors(cols) - c.SetTargets(MakeNNewTargets(1, 3, 0)) - actualTargetItems := c.TargetItems() - assert.Len(t, actualTargetItems, 1) - for _, item := range actualTargetItems { - assert.Equal(t, "collector-0", item.CollectorName) - } -} - -func TestRelativelyEvenDistribution(t *testing.T) { - numCols := 15 - numItems := 10000 - cols := MakeNCollectors(numCols, 0) - var expectedPerCollector = float64(numItems / numCols) - expectedDelta := (expectedPerCollector * 1.5) - expectedPerCollector - c := newConsistentHashingAllocator(logger) - c.SetCollectors(cols) - c.SetTargets(MakeNNewTargets(numItems, 0, 0)) - actualTargetItems := c.TargetItems() - assert.Len(t, actualTargetItems, numItems) - actualCollectors := c.Collectors() - assert.Len(t, actualCollectors, numCols) - for _, col := range actualCollectors { - assert.InDelta(t, col.NumTargets, expectedPerCollector, expectedDelta) - } -} - -func TestFullReallocation(t *testing.T) { - cols := MakeNCollectors(10, 0) - c := newConsistentHashingAllocator(logger) - c.SetCollectors(cols) - c.SetTargets(MakeNNewTargets(10000, 10, 0)) - actualTargetItems := c.TargetItems() - assert.Len(t, actualTargetItems, 10000) - actualCollectors := c.Collectors() - assert.Len(t, actualCollectors, 10) - newCols := MakeNCollectors(10, 10) - c.SetCollectors(newCols) - updatedTargetItems := c.TargetItems() - assert.Len(t, updatedTargetItems, 10000) - updatedCollectors := c.Collectors() - assert.Len(t, updatedCollectors, 10) - for _, item := range updatedTargetItems { - _, ok := updatedCollectors[item.CollectorName] - assert.True(t, ok, "Some items weren't reallocated correctly") - } -} - -func TestNumRemapped(t *testing.T) { - numItems := 10_000 - numInitialCols := 15 - numFinalCols := 16 - expectedDelta := float64((numFinalCols - numInitialCols) * (numItems / numFinalCols)) - cols := MakeNCollectors(numInitialCols, 0) - c := newConsistentHashingAllocator(logger) - c.SetCollectors(cols) - c.SetTargets(MakeNNewTargets(numItems, numInitialCols, 0)) - actualTargetItems := c.TargetItems() - assert.Len(t, actualTargetItems, numItems) - actualCollectors := c.Collectors() - assert.Len(t, actualCollectors, numInitialCols) - newCols := MakeNCollectors(numFinalCols, 0) - c.SetCollectors(newCols) - updatedTargetItems := c.TargetItems() - assert.Len(t, updatedTargetItems, numItems) - updatedCollectors := c.Collectors() - assert.Len(t, updatedCollectors, numFinalCols) - countRemapped := 0 - countNotRemapped := 0 - for _, item := range updatedTargetItems { - previousItem, ok := actualTargetItems[item.Hash()] - assert.True(t, ok) - if previousItem.CollectorName != item.CollectorName { - countRemapped++ - } else { - countNotRemapped++ - } - } - assert.InDelta(t, numItems/numFinalCols, countRemapped, expectedDelta) -} - -func TestTargetsWithNoCollectorsConsistentHashing(t *testing.T) { - - c := newConsistentHashingAllocator(logger) - - // Adding 10 new targets - numItems := 10 - c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItems, 0)) - actualTargetItems := c.TargetItems() - assert.Len(t, actualTargetItems, numItems) - - // Adding 5 new targets, and removing the old 10 targets - numItemsUpdate := 5 - c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItemsUpdate, 10)) - actualTargetItemsUpdated := c.TargetItems() - assert.Len(t, actualTargetItemsUpdated, numItemsUpdate) - - // Adding 5 new targets, and one existing target - numItemsUpdate = 6 - c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItemsUpdate, 14)) - actualTargetItemsUpdated = c.TargetItems() - assert.Len(t, actualTargetItemsUpdated, numItemsUpdate) - - // Adding collectors to test allocation - numCols := 2 - cols := MakeNCollectors(2, 0) - c.SetCollectors(cols) - var expectedPerCollector = float64(numItemsUpdate / numCols) - expectedDelta := (expectedPerCollector * 1.5) - expectedPerCollector - // Checking to see that there is no change to number of targets - actualTargetItems = c.TargetItems() - assert.Len(t, actualTargetItems, numItemsUpdate) - // Checking to see collectors are added correctly - actualCollectors := c.Collectors() - assert.Len(t, actualCollectors, numCols) - for _, col := range actualCollectors { - assert.InDelta(t, col.NumTargets, expectedPerCollector, expectedDelta) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go deleted file mode 100644 index 5f5285ece..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go +++ /dev/null @@ -1,118 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package allocation - -import ( - "errors" - "fmt" - - "github.com/buraksezer/consistent" - "github.com/go-logr/logr" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promauto" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -type AllocatorProvider func(log logr.Logger, opts ...AllocationOption) Allocator - -var ( - registry = map[string]AllocatorProvider{} - - // TargetsPerCollector records how many targets have been assigned to each collector. - // It is currently the responsibility of the strategy to track this information. - TargetsPerCollector = promauto.NewGaugeVec(prometheus.GaugeOpts{ - Name: "cloudwatch_agent_allocator_targets_per_collector", - Help: "The number of targets for each collector.", - }, []string{"collector_name", "strategy"}) - CollectorsAllocatable = promauto.NewGaugeVec(prometheus.GaugeOpts{ - Name: "cloudwatch_agent_allocator_collectors_allocatable", - Help: "Number of collectors the allocator is able to allocate to.", - }, []string{"strategy"}) - TimeToAssign = promauto.NewHistogramVec(prometheus.HistogramOpts{ - Name: "cloudwatch_agent_allocator_time_to_allocate", - Help: "The time it takes to allocate", - }, []string{"method", "strategy"}) - targetsRemaining = promauto.NewCounter(prometheus.CounterOpts{ - Name: "cloudwatch_agent_allocator_targets_remaining", - Help: "Number of targets kept after filtering.", - }) -) - -type AllocationOption func(Allocator) - -type Filter interface { - Apply(map[string]*target.Item) map[string]*target.Item -} - -func WithFilter(filter Filter) AllocationOption { - return func(allocator Allocator) { - allocator.SetFilter(filter) - } -} - -func RecordTargetsKept(targets map[string]*target.Item) { - targetsRemaining.Add(float64(len(targets))) -} - -func New(name string, log logr.Logger, opts ...AllocationOption) (Allocator, error) { - if p, ok := registry[name]; ok { - return p(log.WithValues("allocator", name), opts...), nil - } - return nil, fmt.Errorf("unregistered strategy: %s", name) -} - -func Register(name string, provider AllocatorProvider) error { - if _, ok := registry[name]; ok { - return errors.New("already registered") - } - registry[name] = provider - return nil -} - -func GetRegisteredAllocatorNames() []string { - var names []string - for s := range registry { - names = append(names, s) - } - return names -} - -type Allocator interface { - SetCollectors(collectors map[string]*Collector) - SetTargets(targets map[string]*target.Item) - TargetItems() map[string]*target.Item - Collectors() map[string]*Collector - GetTargetsForCollectorAndJob(collector string, job string) []*target.Item - SetFilter(filter Filter) -} - -var _ consistent.Member = Collector{} - -// Collector Creates a struct that holds Collector information. -// This struct will be parsed into endpoint with Collector and jobs info. -// This struct can be extended with information like annotations and labels in the future. -type Collector struct { - Name string - NumTargets int -} - -func (c Collector) Hash() string { - return c.Name -} - -func (c Collector) String() string { - return c.Name -} - -func NewCollector(name string) *Collector { - return &Collector{Name: name} -} - -func init() { - err := Register(consistentHashingStrategyName, newConsistentHashingAllocator) - if err != nil { - panic(err) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go deleted file mode 100644 index 0437ed021..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go +++ /dev/null @@ -1,125 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package allocation - -import ( - "fmt" - "reflect" - "testing" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/diff" -) - -func BenchmarkGetAllTargetsByCollectorAndJob(b *testing.B) { - var table = []struct { - numCollectors int - numJobs int - }{ - {numCollectors: 100, numJobs: 100}, - {numCollectors: 100, numJobs: 1000}, - {numCollectors: 100, numJobs: 10000}, - {numCollectors: 100, numJobs: 100000}, - {numCollectors: 1000, numJobs: 100}, - {numCollectors: 1000, numJobs: 1000}, - {numCollectors: 1000, numJobs: 10000}, - {numCollectors: 1000, numJobs: 100000}, - } - for _, s := range GetRegisteredAllocatorNames() { - for _, v := range table { - a, err := New(s, logger) - if err != nil { - b.Log(err) - b.Fail() - } - cols := MakeNCollectors(v.numCollectors, 0) - jobs := MakeNNewTargets(v.numJobs, v.numCollectors, 0) - a.SetCollectors(cols) - a.SetTargets(jobs) - b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", s, v.numCollectors, v.numJobs), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - a.GetTargetsForCollectorAndJob(fmt.Sprintf("collector-%d", v.numCollectors/2), fmt.Sprintf("test-job-%d", v.numJobs/2)) - } - }) - } - } -} - -func Benchmark_Setting(b *testing.B) { - var table = []struct { - numCollectors int - numTargets int - }{ - {numCollectors: 100, numTargets: 100}, - {numCollectors: 100, numTargets: 1000}, - {numCollectors: 100, numTargets: 10000}, - {numCollectors: 100, numTargets: 100000}, - {numCollectors: 1000, numTargets: 100}, - {numCollectors: 1000, numTargets: 1000}, - {numCollectors: 1000, numTargets: 10000}, - {numCollectors: 1000, numTargets: 100000}, - } - - for _, s := range GetRegisteredAllocatorNames() { - for _, v := range table { - a, _ := New(s, logger) - cols := MakeNCollectors(v.numCollectors, 0) - targets := MakeNNewTargets(v.numTargets, v.numCollectors, 0) - b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", s, v.numCollectors, v.numTargets), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - a.SetCollectors(cols) - a.SetTargets(targets) - } - }) - } - } -} - -func TestCollectorDiff(t *testing.T) { - collector0 := NewCollector("collector-0") - collector1 := NewCollector("collector-1") - collector2 := NewCollector("collector-2") - collector3 := NewCollector("collector-3") - collector4 := NewCollector("collector-4") - type args struct { - current map[string]*Collector - new map[string]*Collector - } - tests := []struct { - name string - args args - want diff.Changes[*Collector] - }{ - { - name: "diff two collector maps", - args: args{ - current: map[string]*Collector{ - "collector-0": collector0, - "collector-1": collector1, - "collector-2": collector2, - "collector-3": collector3, - }, - new: map[string]*Collector{ - "collector-0": collector0, - "collector-1": collector1, - "collector-2": collector2, - "collector-4": collector4, - }, - }, - want: diff.NewChanges(map[string]*Collector{ - "collector-4": collector4, - }, map[string]*Collector{ - "collector-3": collector3, - }), - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := diff.Maps(tt.args.current, tt.args.new); !reflect.DeepEqual(got, tt.want) { - t.Errorf("DiffMaps() = %v, want %v", got, tt.want) - } - }) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go deleted file mode 100644 index 60bda6bca..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go +++ /dev/null @@ -1,132 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package collector - -import ( - "context" - "os" - "time" - - "github.com/go-logr/logr" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promauto" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" -) - -const ( - watcherTimeout = 15 * time.Minute -) - -var ( - ns = os.Getenv("OTELCOL_NAMESPACE") - collectorsDiscovered = promauto.NewGauge(prometheus.GaugeOpts{ - Name: "amazon_cloudwatch_agent_allocator_collectors_discovered", - Help: "Number of collectors discovered.", - }) -) - -type Client struct { - log logr.Logger - k8sClient kubernetes.Interface - close chan struct{} -} - -func NewClient(logger logr.Logger, kubeConfig *rest.Config) (*Client, error) { - clientset, err := kubernetes.NewForConfig(kubeConfig) - if err != nil { - return &Client{}, err - } - - return &Client{ - log: logger.WithValues("component", "amazon-cloudwatch-agent-target-allocator"), - k8sClient: clientset, - close: make(chan struct{}), - }, nil -} - -func (k *Client) Watch(ctx context.Context, labelMap map[string]string, fn func(collectors map[string]*allocation.Collector)) error { - collectorMap := map[string]*allocation.Collector{} - - opts := metav1.ListOptions{ - LabelSelector: labels.SelectorFromSet(labelMap).String(), - } - pods, err := k.k8sClient.CoreV1().Pods(ns).List(ctx, opts) - if err != nil { - k.log.Error(err, "Pod failure") - os.Exit(1) - } - for i := range pods.Items { - pod := pods.Items[i] - if pod.GetObjectMeta().GetDeletionTimestamp() == nil { - collectorMap[pod.Name] = allocation.NewCollector(pod.Name) - } - } - fn(collectorMap) - - for { - if !k.restartWatch(ctx, opts, collectorMap, fn) { - return nil - } - } -} - -func (k *Client) restartWatch(ctx context.Context, opts metav1.ListOptions, collectorMap map[string]*allocation.Collector, fn func(collectors map[string]*allocation.Collector)) bool { - // add timeout to the context before calling Watch - ctx, cancel := context.WithTimeout(ctx, watcherTimeout) - defer cancel() - watcher, err := k.k8sClient.CoreV1().Pods(ns).Watch(ctx, opts) - if err != nil { - k.log.Error(err, "unable to create collector pod watcher") - return false - } - k.log.Info("Successfully started a collector pod watcher") - if msg := runWatch(ctx, k, watcher.ResultChan(), collectorMap, fn); msg != "" { - k.log.Info("Collector pod watch event stopped " + msg) - return false - } - - return true -} - -func runWatch(ctx context.Context, k *Client, c <-chan watch.Event, collectorMap map[string]*allocation.Collector, fn func(collectors map[string]*allocation.Collector)) string { - for { - collectorsDiscovered.Set(float64(len(collectorMap))) - select { - case <-k.close: - return "kubernetes client closed" - case <-ctx.Done(): - return "" // this means that the watcher most likely timed out - case event, ok := <-c: - if !ok { - k.log.Info("No event found. Restarting watch routine") - return "" - } - - pod, ok := event.Object.(*v1.Pod) - if !ok { - k.log.Info("No pod found in event Object. Restarting watch routine") - return "" - } - - switch event.Type { //nolint:exhaustive - case watch.Added: - collectorMap[pod.Name] = allocation.NewCollector(pod.Name) - case watch.Deleted: - delete(collectorMap, pod.Name) - } - fn(collectorMap) - } - } -} - -func (k *Client) Close() { - close(k.close) -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go deleted file mode 100644 index 002e25401..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go +++ /dev/null @@ -1,210 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package collector - -import ( - "context" - "fmt" - "os" - "sync" - "testing" - "time" - - "k8s.io/apimachinery/pkg/watch" - logf "sigs.k8s.io/controller-runtime/pkg/log" - - "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/kubernetes/fake" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" -) - -var logger = logf.Log.WithName("collector-unit-tests") - -func getTestClient() (Client, watch.Interface) { - kubeClient := Client{ - k8sClient: fake.NewSimpleClientset(), - close: make(chan struct{}), - log: logger, - } - - labelMap := map[string]string{ - "app.kubernetes.io/instance": "default.test", - "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", - } - - opts := metav1.ListOptions{ - LabelSelector: labels.SelectorFromSet(labelMap).String(), - } - watcher, err := kubeClient.k8sClient.CoreV1().Pods("test-ns").Watch(context.Background(), opts) - if err != nil { - fmt.Printf("failed to setup a Collector Pod watcher: %v", err) - os.Exit(1) - } - return kubeClient, watcher -} - -func pod(name string) *v1.Pod { - labelSet := make(map[string]string) - labelSet["app.kubernetes.io/instance"] = "default.test" - labelSet["app.kubernetes.io/managed-by"] = "amazon-cloudwatch-agent-operator" - - return &v1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: "test-ns", - Labels: labelSet, - }, - } -} - -func Test_runWatch(t *testing.T) { - type args struct { - kubeFn func(t *testing.T, client Client, group *sync.WaitGroup) - collectorMap map[string]*allocation.Collector - } - tests := []struct { - name string - args args - want map[string]*allocation.Collector - }{ - { - name: "pod add", - args: args{ - kubeFn: func(t *testing.T, client Client, group *sync.WaitGroup) { - for _, k := range []string{"test-pod1", "test-pod2", "test-pod3"} { - p := pod(k) - group.Add(1) - _, err := client.k8sClient.CoreV1().Pods("test-ns").Create(context.Background(), p, metav1.CreateOptions{}) - assert.NoError(t, err) - } - }, - collectorMap: map[string]*allocation.Collector{}, - }, - want: map[string]*allocation.Collector{ - "test-pod1": { - Name: "test-pod1", - }, - "test-pod2": { - Name: "test-pod2", - }, - "test-pod3": { - Name: "test-pod3", - }, - }, - }, - { - name: "pod delete", - args: args{ - kubeFn: func(t *testing.T, client Client, group *sync.WaitGroup) { - for _, k := range []string{"test-pod2", "test-pod3"} { - group.Add(1) - err := client.k8sClient.CoreV1().Pods("test-ns").Delete(context.Background(), k, metav1.DeleteOptions{}) - assert.NoError(t, err) - } - }, - collectorMap: map[string]*allocation.Collector{ - "test-pod1": { - Name: "test-pod1", - }, - "test-pod2": { - Name: "test-pod2", - }, - "test-pod3": { - Name: "test-pod3", - }, - }, - }, - want: map[string]*allocation.Collector{ - "test-pod1": { - Name: "test-pod1", - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - kubeClient, watcher := getTestClient() - defer func() { - close(kubeClient.close) - watcher.Stop() - }() - var wg sync.WaitGroup - actual := make(map[string]*allocation.Collector) - for _, k := range tt.args.collectorMap { - p := pod(k.Name) - _, err := kubeClient.k8sClient.CoreV1().Pods("test-ns").Create(context.Background(), p, metav1.CreateOptions{}) - wg.Add(1) - assert.NoError(t, err) - } - go runWatch(context.Background(), &kubeClient, watcher.ResultChan(), map[string]*allocation.Collector{}, func(colMap map[string]*allocation.Collector) { - actual = colMap - wg.Done() - }) - - tt.args.kubeFn(t, kubeClient, &wg) - wg.Wait() - - assert.Len(t, actual, len(tt.want)) - assert.Equal(t, actual, tt.want) - }) - } -} - -// this tests runWatch in the case of watcher channel closing and watcher timing out. -func Test_closeChannel(t *testing.T) { - tests := []struct { - description string - isCloseChannel bool - timeoutSeconds time.Duration - }{ - { - // event is triggered by channel closing. - description: "close_channel", - isCloseChannel: true, - // channel should be closed before this timeout occurs - timeoutSeconds: 10 * time.Second, - }, - { - // event triggered by timeout. - description: "watcher_timeout", - isCloseChannel: false, - timeoutSeconds: 0 * time.Second, - }, - } - - for _, tc := range tests { - t.Run(tc.description, func(t *testing.T) { - kubeClient, watcher := getTestClient() - - defer func() { - close(kubeClient.close) - watcher.Stop() - }() - var wg sync.WaitGroup - wg.Add(1) - terminated := false - - go func(watcher watch.Interface) { - defer wg.Done() - ctx, cancel := context.WithTimeout(context.Background(), tc.timeoutSeconds) - defer cancel() - if msg := runWatch(ctx, &kubeClient, watcher.ResultChan(), map[string]*allocation.Collector{}, func(colMap map[string]*allocation.Collector) {}); msg != "" { - terminated = true - return - } - }(watcher) - - if tc.isCloseChannel { - // stop pod watcher to trigger event. - watcher.Stop() - } - wg.Wait() - assert.False(t, terminated) - }) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go deleted file mode 100644 index df2547712..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go +++ /dev/null @@ -1,170 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package config - -import ( - "errors" - "fmt" - "io/fs" - "os" - "time" - - "github.com/go-logr/logr" - "github.com/prometheus/common/model" - promconfig "github.com/prometheus/prometheus/config" - _ "github.com/prometheus/prometheus/discovery/install" - "github.com/spf13/pflag" - "gopkg.in/yaml.v2" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/klog/v2" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/log/zap" -) - -const DefaultResyncTime = 5 * time.Minute -const DefaultConfigFilePath string = "/conf/targetallocator.yaml" -const DefaultCRScrapeInterval model.Duration = model.Duration(time.Second * 30) -const DefaultAllocationStrategy string = "consistent-hashing" - -type Config struct { - ListenAddr string `yaml:"listen_addr,omitempty"` - KubeConfigFilePath string `yaml:"kube_config_file_path,omitempty"` - ClusterConfig *rest.Config `yaml:"-"` - RootLogger logr.Logger `yaml:"-"` - ReloadConfig bool `yaml:"-"` - LabelSelector map[string]string `yaml:"label_selector,omitempty"` - PromConfig *promconfig.Config `yaml:"config"` - AllocationStrategy *string `yaml:"allocation_strategy,omitempty"` - FilterStrategy *string `yaml:"filter_strategy,omitempty"` - PrometheusCR PrometheusCRConfig `yaml:"prometheus_cr,omitempty"` - PodMonitorSelector map[string]string `yaml:"pod_monitor_selector,omitempty"` - ServiceMonitorSelector map[string]string `yaml:"service_monitor_selector,omitempty"` -} - -type PrometheusCRConfig struct { - Enabled bool `yaml:"enabled,omitempty"` - ScrapeInterval model.Duration `yaml:"scrape_interval,omitempty"` -} - -func (c Config) GetAllocationStrategy() string { - if c.AllocationStrategy != nil { - return *c.AllocationStrategy - } - return DefaultAllocationStrategy -} - -func (c Config) GetTargetsFilterStrategy() string { - if c.FilterStrategy != nil { - return *c.FilterStrategy - } - return "" -} - -func LoadFromFile(file string, target *Config) error { - return unmarshal(target, file) -} - -func LoadFromCLI(target *Config, flagSet *pflag.FlagSet) error { - var err error - // set the rest of the config attributes based on command-line flag values - target.RootLogger = zap.New(zap.UseFlagOptions(&zapCmdLineOpts)) - klog.SetLogger(target.RootLogger) - ctrl.SetLogger(target.RootLogger) - - target.KubeConfigFilePath, err = getKubeConfigFilePath(flagSet) - if err != nil { - return err - } - clusterConfig, err := clientcmd.BuildConfigFromFlags("", target.KubeConfigFilePath) - if err != nil { - pathError := &fs.PathError{} - if ok := errors.As(err, &pathError); !ok { - return err - } - clusterConfig, err = rest.InClusterConfig() - if err != nil { - return err - } - target.KubeConfigFilePath = "" - } - target.ClusterConfig = clusterConfig - - target.ListenAddr, err = getListenAddr(flagSet) - if err != nil { - return err - } - - target.PrometheusCR.Enabled, err = getPrometheusCREnabled(flagSet) - if err != nil { - return err - } - - target.ReloadConfig, err = getConfigReloadEnabled(flagSet) - if err != nil { - return err - } - - return nil -} - -func unmarshal(cfg *Config, configFile string) error { - - yamlFile, err := os.ReadFile(configFile) - if err != nil { - return err - } - if err = yaml.UnmarshalStrict(yamlFile, cfg); err != nil { - return fmt.Errorf("error unmarshaling YAML: %w", err) - } - return nil -} - -func CreateDefaultConfig() Config { - var allocation_strategy = DefaultAllocationStrategy - return Config{ - PrometheusCR: PrometheusCRConfig{ - ScrapeInterval: DefaultCRScrapeInterval, - }, - AllocationStrategy: &allocation_strategy, - } -} - -func Load() (*Config, string, error) { - var err error - - flagSet := getFlagSet(pflag.ExitOnError) - err = flagSet.Parse(os.Args) - if err != nil { - return nil, "", err - } - - config := CreateDefaultConfig() - - // load the config from the config file - configFilePath, err := getConfigFilePath(flagSet) - if err != nil { - return nil, "", err - } - err = LoadFromFile(configFilePath, &config) - if err != nil { - return nil, "", err - } - - err = LoadFromCLI(&config, flagSet) - if err != nil { - return nil, "", err - } - - return &config, configFilePath, nil -} - -// ValidateConfig validates the cli and file configs together. -func ValidateConfig(config *Config) error { - scrapeConfigsPresent := (config.PromConfig != nil && len(config.PromConfig.ScrapeConfigs) > 0) - if !(config.PrometheusCR.Enabled || scrapeConfigsPresent) { - return fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled") - } - return nil -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go deleted file mode 100644 index b433a20a8..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go +++ /dev/null @@ -1,212 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package config - -import ( - "fmt" - "testing" - "time" - - commonconfig "github.com/prometheus/common/config" - promconfig "github.com/prometheus/prometheus/config" - - "github.com/prometheus/common/model" - "github.com/prometheus/prometheus/discovery" - "github.com/prometheus/prometheus/discovery/file" - "github.com/stretchr/testify/assert" -) - -func TestLoad(t *testing.T) { - var defaulAllocationStrategy = DefaultAllocationStrategy - type args struct { - file string - } - tests := []struct { - name string - args args - want Config - wantErr assert.ErrorAssertionFunc - }{ - { - name: "file sd load", - args: args{ - file: "./testdata/config_test.yaml", - }, - want: Config{ - AllocationStrategy: &defaulAllocationStrategy, - LabelSelector: map[string]string{ - "app.kubernetes.io/instance": "default.test", - "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", - }, - PrometheusCR: PrometheusCRConfig{ - ScrapeInterval: model.Duration(time.Second * 60), - }, - PromConfig: &promconfig.Config{ - GlobalConfig: promconfig.GlobalConfig{ - ScrapeInterval: model.Duration(60 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - EvaluationInterval: model.Duration(60 * time.Second), - }, - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "prometheus", - HonorTimestamps: true, - ScrapeInterval: model.Duration(60 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - EnableHTTP2: true, - }, - ServiceDiscoveryConfigs: []discovery.Config{ - &file.SDConfig{ - Files: []string{"./file_sd_test.json"}, - RefreshInterval: model.Duration(5 * time.Minute), - }, - discovery.StaticConfig{ - { - Targets: []model.LabelSet{ - {model.AddressLabel: "prom.domain:9001"}, - {model.AddressLabel: "prom.domain:9002"}, - {model.AddressLabel: "prom.domain:9003"}, - }, - Labels: model.LabelSet{ - "my": "label", - }, - Source: "0", - }, - }, - }, - }, - }, - }, - }, - wantErr: assert.NoError, - }, - { - name: "no config", - args: args{ - file: "./testdata/no_config.yaml", - }, - want: CreateDefaultConfig(), - wantErr: assert.NoError, - }, - { - name: "service monitor pod monitor selector", - args: args{ - file: "./testdata/pod_service_selector_test.yaml", - }, - want: Config{ - AllocationStrategy: &defaulAllocationStrategy, - LabelSelector: map[string]string{ - "app.kubernetes.io/instance": "default.test", - "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", - }, - PrometheusCR: PrometheusCRConfig{ - ScrapeInterval: DefaultCRScrapeInterval, - }, - PromConfig: &promconfig.Config{ - GlobalConfig: promconfig.GlobalConfig{ - ScrapeInterval: model.Duration(60 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - EvaluationInterval: model.Duration(60 * time.Second), - }, - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "prometheus", - HonorTimestamps: true, - ScrapeInterval: model.Duration(60 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - EnableHTTP2: true, - }, - ServiceDiscoveryConfigs: []discovery.Config{ - discovery.StaticConfig{ - { - Targets: []model.LabelSet{ - {model.AddressLabel: "prom.domain:9001"}, - {model.AddressLabel: "prom.domain:9002"}, - {model.AddressLabel: "prom.domain:9003"}, - }, - Labels: model.LabelSet{ - "my": "label", - }, - Source: "0", - }, - }, - }, - }, - }, - }, - PodMonitorSelector: map[string]string{ - "release": "test", - }, - ServiceMonitorSelector: map[string]string{ - "release": "test", - }, - }, - wantErr: assert.NoError, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got := CreateDefaultConfig() - err := LoadFromFile(tt.args.file, &got) - if !tt.wantErr(t, err, fmt.Sprintf("Load(%v)", tt.args.file)) { - return - } - assert.Equalf(t, tt.want, got, "Load(%v)", tt.args.file) - }) - } -} - -func TestValidateConfig(t *testing.T) { - testCases := []struct { - name string - fileConfig Config - expectedErr error - }{ - { - name: "promCR enabled, no Prometheus config", - fileConfig: Config{PromConfig: nil, PrometheusCR: PrometheusCRConfig{Enabled: true}}, - expectedErr: nil, - }, - { - name: "promCR disabled, no Prometheus config", - fileConfig: Config{PromConfig: nil}, - expectedErr: fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled"), - }, - { - name: "promCR disabled, Prometheus config present, no scrapeConfigs", - fileConfig: Config{PromConfig: &promconfig.Config{}}, - expectedErr: fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled"), - }, - { - name: "promCR disabled, Prometheus config present, scrapeConfigs present", - fileConfig: Config{ - PromConfig: &promconfig.Config{ScrapeConfigs: []*promconfig.ScrapeConfig{{}}}, - }, - expectedErr: nil, - }, - { - name: "promCR enabled, Prometheus config present, scrapeConfigs present", - fileConfig: Config{ - PromConfig: &promconfig.Config{ScrapeConfigs: []*promconfig.ScrapeConfig{{}}}, - PrometheusCR: PrometheusCRConfig{Enabled: true}, - }, - expectedErr: nil, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - err := ValidateConfig(&tc.fileConfig) - assert.Equal(t, tc.expectedErr, err) - }) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go deleted file mode 100644 index cb143aa59..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go +++ /dev/null @@ -1,59 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package config - -import ( - "flag" - "path/filepath" - - "github.com/spf13/pflag" - "k8s.io/client-go/util/homedir" - "sigs.k8s.io/controller-runtime/pkg/log/zap" -) - -// Flag names. -const ( - targetAllocatorName = "target-allocator" - configFilePathFlagName = "config-file" - listenAddrFlagName = "listen-addr" - prometheusCREnabledFlagName = "enable-prometheus-cr-watcher" - kubeConfigPathFlagName = "kubeconfig-path" - reloadConfigFlagName = "reload-config" -) - -// We can't bind this flag to our FlagSet, so we need to handle it separately. -var zapCmdLineOpts zap.Options - -func getFlagSet(errorHandling pflag.ErrorHandling) *pflag.FlagSet { - flagSet := pflag.NewFlagSet(targetAllocatorName, errorHandling) - flagSet.String(configFilePathFlagName, DefaultConfigFilePath, "The path to the config file.") - flagSet.String(listenAddrFlagName, ":8080", "The address where this service serves.") - flagSet.Bool(prometheusCREnabledFlagName, false, "Enable Prometheus CRs as target sources") - flagSet.String(kubeConfigPathFlagName, filepath.Join(homedir.HomeDir(), ".kube", "config"), "absolute path to the KubeconfigPath file") - flagSet.Bool(reloadConfigFlagName, false, "Enable automatic configuration reloading. This functionality is deprecated and will be removed in a future release.") - zapFlagSet := flag.NewFlagSet("", flag.ErrorHandling(errorHandling)) - zapCmdLineOpts.BindFlags(zapFlagSet) - flagSet.AddGoFlagSet(zapFlagSet) - return flagSet -} - -func getConfigFilePath(flagSet *pflag.FlagSet) (string, error) { - return flagSet.GetString(configFilePathFlagName) -} - -func getKubeConfigFilePath(flagSet *pflag.FlagSet) (string, error) { - return flagSet.GetString(kubeConfigPathFlagName) -} - -func getListenAddr(flagSet *pflag.FlagSet) (string, error) { - return flagSet.GetString(listenAddrFlagName) -} - -func getPrometheusCREnabled(flagSet *pflag.FlagSet) (bool, error) { - return flagSet.GetBool(prometheusCREnabledFlagName) -} - -func getConfigReloadEnabled(flagSet *pflag.FlagSet) (bool, error) { - return flagSet.GetBool(reloadConfigFlagName) -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go deleted file mode 100644 index cc7789ca9..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package config - -import ( - "path/filepath" - "testing" - - "github.com/spf13/pflag" - "github.com/stretchr/testify/assert" -) - -func TestGetFlagSet(t *testing.T) { - fs := getFlagSet(pflag.ExitOnError) - - // Check if each flag exists - assert.NotNil(t, fs.Lookup(configFilePathFlagName), "Flag %s not found", configFilePathFlagName) - assert.NotNil(t, fs.Lookup(listenAddrFlagName), "Flag %s not found", listenAddrFlagName) - assert.NotNil(t, fs.Lookup(prometheusCREnabledFlagName), "Flag %s not found", prometheusCREnabledFlagName) - assert.NotNil(t, fs.Lookup(kubeConfigPathFlagName), "Flag %s not found", kubeConfigPathFlagName) -} - -func TestFlagGetters(t *testing.T) { - tests := []struct { - name string - flagArgs []string - expectedValue interface{} - expectedErr bool - getterFunc func(*pflag.FlagSet) (interface{}, error) - }{ - { - name: "GetConfigFilePath", - flagArgs: []string{"--" + configFilePathFlagName, "/path/to/config"}, - expectedValue: "/path/to/config", - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigFilePath(fs) }, - }, - { - name: "GetKubeConfigFilePath", - flagArgs: []string{"--" + kubeConfigPathFlagName, filepath.Join("~", ".kube", "config")}, - expectedValue: filepath.Join("~", ".kube", "config"), - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getKubeConfigFilePath(fs) }, - }, - { - name: "GetListenAddr", - flagArgs: []string{"--" + listenAddrFlagName, ":8081"}, - expectedValue: ":8081", - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getListenAddr(fs) }, - }, - { - name: "GetPrometheusCREnabled", - flagArgs: []string{"--" + prometheusCREnabledFlagName, "true"}, - expectedValue: true, - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getPrometheusCREnabled(fs) }, - }, - { - name: "GetConfigReloadEnabled", - flagArgs: []string{"--" + reloadConfigFlagName, "true"}, - expectedValue: true, - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigReloadEnabled(fs) }, - }, - { - name: "InvalidFlag", - flagArgs: []string{"--invalid-flag", "value"}, - expectedErr: true, - getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigFilePath(fs) }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - fs := getFlagSet(pflag.ContinueOnError) - err := fs.Parse(tt.flagArgs) - - // If an error is expected during parsing, we check it here. - if tt.expectedErr { - assert.Error(t, err) - return - } - - got, err := tt.getterFunc(fs) - assert.NoError(t, err) - assert.Equal(t, tt.expectedValue, got) - }) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml deleted file mode 100644 index e5ac5487f..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -label_selector: - app.kubernetes.io/instance: default.test - app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator -prometheus_cr: - scrape_interval: 60s -config: - scrape_configs: - - job_name: prometheus - - file_sd_configs: - - files: - - ./file_sd_test.json - - static_configs: - - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] - labels: - my: label diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json deleted file mode 100644 index 7114e6246..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json +++ /dev/null @@ -1,18 +0,0 @@ -[ - { - "labels": { - "job": "node" - }, - "targets": [ - "promfile.domain:1001" - ] - }, - { - "labels": { - "foo1": "bar1" - }, - "targets": [ - "promfile.domain:3000" - ] - } -] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml deleted file mode 100644 index 298ce5639..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml +++ /dev/null @@ -1,14 +0,0 @@ -label_selector: - app.kubernetes.io/instance: default.test - app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator -pod_monitor_selector: - release: test -service_monitor_selector: - release: test -config: - scrape_configs: - - job_name: prometheus - static_configs: - - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] - labels: - my: label \ No newline at end of file diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go deleted file mode 100644 index daac98724..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package diff - -// Changes is the result of the difference between two maps – items that are added and items that are removed -// This map is used to reconcile state differences. -type Changes[T Hasher] struct { - additions map[string]T - removals map[string]T -} - -type Hasher interface { - Hash() string -} - -func NewChanges[T Hasher](additions map[string]T, removals map[string]T) Changes[T] { - return Changes[T]{additions: additions, removals: removals} -} - -func (c Changes[T]) Additions() map[string]T { - return c.additions -} - -func (c Changes[T]) Removals() map[string]T { - return c.removals -} - -// Maps generates Changes for two maps with the same type signature by checking for any removals and then checking for -// additions. -// TODO: This doesn't need to create maps, it can return slices only. This function doesn't need to insert the values. -func Maps[T Hasher](current, new map[string]T) Changes[T] { - additions := map[string]T{} - removals := map[string]T{} - for key, newValue := range new { - if currentValue, found := current[key]; !found { - additions[key] = newValue - } else if currentValue.Hash() != newValue.Hash() { - additions[key] = newValue - removals[key] = currentValue - } - } - for key, value := range current { - if _, found := new[key]; !found { - removals[key] = value - } - } - return Changes[T]{ - additions: additions, - removals: removals, - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go deleted file mode 100644 index d64c1c743..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go +++ /dev/null @@ -1,97 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package diff - -import ( - "reflect" - "testing" -) - -type HasherString string - -func (s HasherString) Hash() string { - return string(s) -} - -func TestDiffMaps(t *testing.T) { - type args struct { - current map[string]Hasher - new map[string]Hasher - } - tests := []struct { - name string - args args - want Changes[Hasher] - }{ - { - name: "basic replacement", - args: args{ - current: map[string]Hasher{ - "current": HasherString("one"), - }, - new: map[string]Hasher{ - "new": HasherString("another"), - }, - }, - want: Changes[Hasher]{ - additions: map[string]Hasher{ - "new": HasherString("another"), - }, - removals: map[string]Hasher{ - "current": HasherString("one"), - }, - }, - }, - { - name: "single addition", - args: args{ - current: map[string]Hasher{ - "current": HasherString("one"), - }, - new: map[string]Hasher{ - "current": HasherString("one"), - "new": HasherString("another"), - }, - }, - want: Changes[Hasher]{ - additions: map[string]Hasher{ - "new": HasherString("another"), - }, - removals: map[string]Hasher{}, - }, - }, - { - name: "value change", - args: args{ - current: map[string]Hasher{ - "k1": HasherString("v1"), - "k2": HasherString("v2"), - "change": HasherString("before"), - }, - new: map[string]Hasher{ - "k1": HasherString("v1"), - "k3": HasherString("v3"), - "change": HasherString("after"), - }, - }, - want: Changes[Hasher]{ - additions: map[string]Hasher{ - "k3": HasherString("v3"), - "change": HasherString("after"), - }, - removals: map[string]Hasher{ - "k2": HasherString("v2"), - "change": HasherString("before"), - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := Maps(tt.args.current, tt.args.new); !reflect.DeepEqual(got, tt.want) { - t.Errorf("DiffMaps() = %v, want %v", got, tt.want) - } - }) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/main.go b/cmd/amazon-cloudwatch-agent-target-allocator/main.go deleted file mode 100644 index 4848ad080..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/main.go +++ /dev/null @@ -1,230 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "context" - "fmt" - "os" - "os/signal" - "syscall" - - gokitlog "github.com/go-kit/log" - "github.com/oklog/run" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promauto" - "github.com/prometheus/prometheus/discovery" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - ctrl "sigs.k8s.io/controller-runtime" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/collector" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/prehook" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/server" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" - allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" -) - -var ( - setupLog = ctrl.Log.WithName("setup") - eventsMetric = promauto.NewCounterVec(prometheus.CounterOpts{ - Name: "cloudwatch_agent_allocator_events", - Help: "Number of events in the channel.", - }, []string{"source"}) -) - -func main() { - var ( - // allocatorPrehook will be nil if filterStrategy is not set or - // unrecognized. No filtering will be used in this case. - allocatorPrehook prehook.Hook - allocator allocation.Allocator - discoveryManager *discovery.Manager - collectorWatcher *collector.Client - fileWatcher allocatorWatcher.Watcher - promWatcher allocatorWatcher.Watcher - targetDiscoverer *target.Discoverer - - discoveryCancel context.CancelFunc - runGroup run.Group - eventChan = make(chan allocatorWatcher.Event) - eventCloser = make(chan bool, 1) - interrupts = make(chan os.Signal, 1) - errChan = make(chan error) - ) - cfg, configFilePath, err := config.Load() - if err != nil { - fmt.Printf("Failed to load config: %v", err) - os.Exit(1) - } - ctrl.SetLogger(cfg.RootLogger) - - if validationErr := config.ValidateConfig(cfg); validationErr != nil { - setupLog.Error(validationErr, "Invalid configuration") - os.Exit(1) - } - - cfg.RootLogger.Info("Starting the Target Allocator") - ctx := context.Background() - log := ctrl.Log.WithName("allocator") - - allocatorPrehook = prehook.New(cfg.GetTargetsFilterStrategy(), log) - allocator, err = allocation.New(cfg.GetAllocationStrategy(), log, allocation.WithFilter(allocatorPrehook)) - if err != nil { - setupLog.Error(err, "Unable to initialize allocation strategy") - os.Exit(1) - } - srv := server.NewServer(log, allocator, cfg.ListenAddr) - - discoveryCtx, discoveryCancel := context.WithCancel(ctx) - discoveryManager = discovery.NewManager(discoveryCtx, gokitlog.NewNopLogger()) - discovery.RegisterMetrics() // discovery manager metrics need to be enabled explicitly - - targetDiscoverer = target.NewDiscoverer(log, discoveryManager, allocatorPrehook, srv) - collectorWatcher, collectorWatcherErr := collector.NewClient(log, cfg.ClusterConfig) - if collectorWatcherErr != nil { - setupLog.Error(collectorWatcherErr, "Unable to initialize collector watcher") - os.Exit(1) - } - if cfg.ReloadConfig { - fileWatcher, err = allocatorWatcher.NewFileWatcher(setupLog.WithName("file-watcher"), configFilePath) - if err != nil { - setupLog.Error(err, "Can't start the file watcher") - os.Exit(1) - } - } - signal.Notify(interrupts, os.Interrupt, syscall.SIGINT, syscall.SIGTERM) - defer close(interrupts) - - if cfg.PrometheusCR.Enabled { - promWatcher, err = allocatorWatcher.NewPrometheusCRWatcher(setupLog.WithName("prometheus-cr-watcher"), *cfg) - if err != nil { - setupLog.Error(err, "Can't start the prometheus watcher") - os.Exit(1) - } - runGroup.Add( - func() error { - promWatcherErr := promWatcher.Watch(eventChan, errChan) - setupLog.Info("Prometheus watcher exited") - return promWatcherErr - }, - func(_ error) { - setupLog.Info("Closing prometheus watcher") - promWatcherErr := promWatcher.Close() - if promWatcherErr != nil { - setupLog.Error(promWatcherErr, "prometheus watcher failed to close") - } - }) - } - if cfg.ReloadConfig { - runGroup.Add( - func() error { - fileWatcherErr := fileWatcher.Watch(eventChan, errChan) - setupLog.Info("File watcher exited") - return fileWatcherErr - }, - func(_ error) { - setupLog.Info("Closing file watcher") - fileWatcherErr := fileWatcher.Close() - if fileWatcherErr != nil { - setupLog.Error(fileWatcherErr, "file watcher failed to close") - } - }) - } - runGroup.Add( - func() error { - discoveryManagerErr := discoveryManager.Run() - setupLog.Info("Discovery manager exited") - return discoveryManagerErr - }, - func(_ error) { - setupLog.Info("Closing discovery manager") - discoveryCancel() - }) - runGroup.Add( - func() error { - // Initial loading of the config file's scrape config - err = targetDiscoverer.ApplyConfig(allocatorWatcher.EventSourceConfigMap, cfg.PromConfig) - if err != nil { - setupLog.Error(err, "Unable to apply initial configuration") - return err - } - err := targetDiscoverer.Watch(allocator.SetTargets) - setupLog.Info("Target discoverer exited") - return err - }, - func(_ error) { - setupLog.Info("Closing target discoverer") - targetDiscoverer.Close() - }) - runGroup.Add( - func() error { - err := collectorWatcher.Watch(ctx, cfg.LabelSelector, allocator.SetCollectors) - setupLog.Info("Collector watcher exited") - return err - }, - func(_ error) { - setupLog.Info("Closing collector watcher") - collectorWatcher.Close() - }) - runGroup.Add( - func() error { - err := srv.Start() - setupLog.Info("Server failed to start") - return err - }, - func(_ error) { - setupLog.Info("Closing server") - if shutdownErr := srv.Shutdown(ctx); shutdownErr != nil { - setupLog.Error(shutdownErr, "Error on server shutdown") - } - }) - runGroup.Add( - func() error { - for { - select { - case event := <-eventChan: - eventsMetric.WithLabelValues(event.Source.String()).Inc() - loadConfig, err := event.Watcher.LoadConfig(ctx) - if err != nil { - setupLog.Error(err, "Unable to load configuration") - continue - } - err = targetDiscoverer.ApplyConfig(event.Source, loadConfig) - if err != nil { - setupLog.Error(err, "Unable to apply configuration") - continue - } - case err := <-errChan: - setupLog.Error(err, "Watcher error") - case <-eventCloser: - return nil - } - } - }, - func(_ error) { - setupLog.Info("Closing watcher loop") - close(eventCloser) - }) - runGroup.Add( - func() error { - for { - select { - case <-interrupts: - setupLog.Info("Received interrupt") - return nil - case <-eventCloser: - return nil - } - } - }, - func(_ error) { - setupLog.Info("Closing interrupt loop") - }) - if runErr := runGroup.Run(); runErr != nil { - setupLog.Error(runErr, "run group exited") - } - setupLog.Info("Target allocator exited.") -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go deleted file mode 100644 index a1f1b4c35..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package prehook - -import ( - "errors" - - "github.com/go-logr/logr" - "github.com/prometheus/prometheus/model/relabel" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -const ( - relabelConfigTargetFilterName = "relabel-config" -) - -type Hook interface { - Apply(map[string]*target.Item) map[string]*target.Item - SetConfig(map[string][]*relabel.Config) - GetConfig() map[string][]*relabel.Config -} - -type HookProvider func(log logr.Logger) Hook - -var ( - registry = map[string]HookProvider{} -) - -func New(name string, log logr.Logger) Hook { - if p, ok := registry[name]; ok { - return p(log.WithName("Prehook").WithName(name)) - } - - log.Info("Unrecognized filter strategy; filtering disabled") - return nil -} - -func Register(name string, provider HookProvider) error { - if _, ok := registry[name]; ok { - return errors.New("already registered") - } - registry[name] = provider - return nil -} - -func init() { - err := Register(relabelConfigTargetFilterName, NewRelabelConfigTargetFilter) - if err != nil { - panic(err) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go deleted file mode 100644 index c8d7b20f8..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go +++ /dev/null @@ -1,99 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package prehook - -import ( - "github.com/go-logr/logr" - "github.com/prometheus/common/model" - "github.com/prometheus/prometheus/model/labels" - "github.com/prometheus/prometheus/model/relabel" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -type RelabelConfigTargetFilter struct { - log logr.Logger - relabelCfg map[string][]*relabel.Config -} - -func NewRelabelConfigTargetFilter(log logr.Logger) Hook { - return &RelabelConfigTargetFilter{ - log: log, - relabelCfg: make(map[string][]*relabel.Config), - } -} - -// helper function converts from model.LabelSet to []labels.Label. -func convertLabelToPromLabelSet(lbls model.LabelSet) []labels.Label { - newLabels := make([]labels.Label, len(lbls)) - index := 0 - for k, v := range lbls { - newLabels[index].Name = string(k) - newLabels[index].Value = string(v) - index++ - } - return newLabels -} - -func (tf *RelabelConfigTargetFilter) Apply(targets map[string]*target.Item) map[string]*target.Item { - numTargets := len(targets) - - // need to wait until relabelCfg is set - if len(tf.relabelCfg) == 0 { - return targets - } - - // Note: jobNameKey != tItem.JobName (jobNameKey is hashed) - for jobNameKey, tItem := range targets { - keepTarget := true - lset := convertLabelToPromLabelSet(tItem.Labels) - for _, cfg := range tf.relabelCfg[tItem.JobName] { - if newLset, keep := relabel.Process(lset, cfg); !keep { - keepTarget = false - break // inner loop - } else { - lset = newLset - } - } - - if !keepTarget { - delete(targets, jobNameKey) - } - } - - tf.log.V(2).Info("Filtering complete", "seen", numTargets, "kept", len(targets)) - return targets -} - -func (tf *RelabelConfigTargetFilter) SetConfig(cfgs map[string][]*relabel.Config) { - relabelCfgCopy := make(map[string][]*relabel.Config) - for key, val := range cfgs { - relabelCfgCopy[key] = tf.replaceRelabelConfig(val) - } - - tf.relabelCfg = relabelCfgCopy -} - -// See this thread [https://github.com/open-telemetry/opentelemetry-operator/pull/1124/files#r983145795] -// for why SHARD == 0 is a necessary substitution. Otherwise the keep action that uses this env variable, -// would not match the regex and all targets end up dropped. Also note, $(SHARD) will always be 0 and it -// does not make sense to read from the environment because it is never set in the allocator. -func (tf *RelabelConfigTargetFilter) replaceRelabelConfig(cfg []*relabel.Config) []*relabel.Config { - for i := range cfg { - str := cfg[i].Regex.String() - if str == "$(SHARD)" { - cfg[i].Regex = relabel.MustNewRegexp("0") - } - } - - return cfg -} - -func (tf *RelabelConfigTargetFilter) GetConfig() map[string][]*relabel.Config { - relabelCfgCopy := make(map[string][]*relabel.Config) - for k, v := range tf.relabelCfg { - relabelCfgCopy[k] = v - } - return relabelCfgCopy -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go deleted file mode 100644 index a1e14b03d..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go +++ /dev/null @@ -1,259 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package prehook - -import ( - "crypto/rand" - "fmt" - "math/big" - "strconv" - "testing" - - "github.com/prometheus/common/model" - "github.com/prometheus/prometheus/model/relabel" - "github.com/stretchr/testify/assert" - logf "sigs.k8s.io/controller-runtime/pkg/log" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -var ( - logger = logf.Log.WithName("unit-tests") - defaultNumTargets = 100 - defaultNumCollectors = 3 - defaultStartIndex = 0 - - relabelConfigs = []relabelConfigObj{ - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Action: "replace", - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - Replacement: "$1", - TargetLabel: "foo", - }, - }, - isDrop: false, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("(.*)"), - Separator: ";", - Action: "keep", - Replacement: "$1", - }, - }, - isDrop: false, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("bad.*match"), - Action: "drop", - Separator: ";", - Replacement: "$1", - }, - }, - isDrop: false, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"label_not_present"}, - Regex: relabel.MustNewRegexp("(.*)"), - Separator: ";", - Action: "keep", - Replacement: "$1", - }, - }, - isDrop: false, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("(.*)"), - Separator: ";", - Action: "drop", - Replacement: "$1", - }, - }, - isDrop: true, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"collector"}, - Regex: relabel.MustNewRegexp("(collector.*)"), - Separator: ";", - Action: "drop", - Replacement: "$1", - }, - }, - isDrop: true, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("bad.*match"), - Separator: ";", - Action: "keep", - Replacement: "$1", - }, - }, - isDrop: true, - }, - { - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"collector"}, - Regex: relabel.MustNewRegexp("collectors-n"), - Separator: ";", - Action: "keep", - Replacement: "$1", - }, - }, - isDrop: true, - }, - } - - HashmodConfig = relabelConfigObj{ - cfg: []*relabel.Config{ - { - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("(.*)"), - Separator: ";", - Modulus: 1, - TargetLabel: "tmp-0", - Action: "hashmod", - Replacement: "$1", - }, - - { - SourceLabels: model.LabelNames{"tmp-$(SHARD)"}, - Regex: relabel.MustNewRegexp("$(SHARD)"), - Separator: ";", - Action: "keep", - Replacement: "$1", - }, - }, - isDrop: false, - } - - DefaultDropRelabelConfig = relabel.Config{ - SourceLabels: model.LabelNames{"i"}, - Regex: relabel.MustNewRegexp("(.*)"), - Action: "drop", - } -) - -type relabelConfigObj struct { - cfg []*relabel.Config - isDrop bool -} - -func colIndex(index, numCols int) int { - if numCols == 0 { - return -1 - } - return index % numCols -} - -func makeNNewTargets(rCfgs []relabelConfigObj, n int, numCollectors int, startingIndex int) (map[string]*target.Item, int, map[string]*target.Item, map[string][]*relabel.Config) { - toReturn := map[string]*target.Item{} - expectedMap := make(map[string]*target.Item) - numItemsRemaining := n - relabelConfig := make(map[string][]*relabel.Config) - for i := startingIndex; i < n+startingIndex; i++ { - collector := fmt.Sprintf("collector-%d", colIndex(i, numCollectors)) - label := model.LabelSet{ - "collector": model.LabelValue(collector), - "i": model.LabelValue(strconv.Itoa(i)), - "total": model.LabelValue(strconv.Itoa(n + startingIndex)), - } - jobName := fmt.Sprintf("test-job-%d", i) - newTarget := target.NewItem(jobName, "test-url", label, collector) - // add a single replace, drop, or keep action as relabel_config for targets - var index int - ind, _ := rand.Int(rand.Reader, big.NewInt(int64(len(relabelConfigs)))) - - index = int(ind.Int64()) - - relabelConfig[jobName] = rCfgs[index].cfg - - targetKey := newTarget.Hash() - if relabelConfigs[index].isDrop { - numItemsRemaining-- - } else { - expectedMap[targetKey] = newTarget - } - toReturn[targetKey] = newTarget - } - return toReturn, numItemsRemaining, expectedMap, relabelConfig -} - -func TestApply(t *testing.T) { - allocatorPrehook := New("relabel-config", logger) - assert.NotNil(t, allocatorPrehook) - - targets, numRemaining, expectedTargetMap, relabelCfg := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) - allocatorPrehook.SetConfig(relabelCfg) - remainingItems := allocatorPrehook.Apply(targets) - assert.Len(t, remainingItems, numRemaining) - assert.Equal(t, remainingItems, expectedTargetMap) - - // clear out relabelCfg to test with empty values - for key := range relabelCfg { - relabelCfg[key] = nil - } - - // cfg = createMockConfig(relabelCfg) - allocatorPrehook.SetConfig(relabelCfg) - remainingItems = allocatorPrehook.Apply(targets) - // relabelCfg is empty so targets should be unfiltered - assert.Len(t, remainingItems, len(targets)) - assert.Equal(t, remainingItems, targets) -} - -func TestApplyHashmodAction(t *testing.T) { - allocatorPrehook := New("relabel-config", logger) - assert.NotNil(t, allocatorPrehook) - - hashRelabelConfigs := append(relabelConfigs, HashmodConfig) - targets, numRemaining, expectedTargetMap, relabelCfg := makeNNewTargets(hashRelabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) - allocatorPrehook.SetConfig(relabelCfg) - remainingItems := allocatorPrehook.Apply(targets) - assert.Len(t, remainingItems, numRemaining) - assert.Equal(t, remainingItems, expectedTargetMap) -} - -func TestApplyEmptyRelabelCfg(t *testing.T) { - - allocatorPrehook := New("relabel-config", logger) - assert.NotNil(t, allocatorPrehook) - - targets, _, _, _ := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) - - relabelCfg := map[string][]*relabel.Config{} - allocatorPrehook.SetConfig(relabelCfg) - remainingItems := allocatorPrehook.Apply(targets) - // relabelCfg is empty so targets should be unfiltered - assert.Len(t, remainingItems, len(targets)) - assert.Equal(t, remainingItems, targets) -} - -func TestSetConfig(t *testing.T) { - allocatorPrehook := New("relabel-config", logger) - assert.NotNil(t, allocatorPrehook) - - _, _, _, relabelCfg := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) - allocatorPrehook.SetConfig(relabelCfg) - assert.Equal(t, relabelCfg, allocatorPrehook.GetConfig()) -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go deleted file mode 100644 index e209d6775..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go +++ /dev/null @@ -1,259 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package server - -import ( - "fmt" - "math/rand" - "net/http/httptest" - "testing" - "time" - - "github.com/gin-gonic/gin" - "github.com/prometheus/common/model" - promconfig "github.com/prometheus/prometheus/config" - "github.com/stretchr/testify/assert" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -func BenchmarkServerTargetsHandler(b *testing.B) { - random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec - var table = []struct { - numCollectors int - numJobs int - }{ - {numCollectors: 100, numJobs: 100}, - {numCollectors: 100, numJobs: 1000}, - {numCollectors: 100, numJobs: 10000}, - {numCollectors: 100, numJobs: 100000}, - {numCollectors: 1000, numJobs: 100}, - {numCollectors: 1000, numJobs: 1000}, - {numCollectors: 1000, numJobs: 10000}, - {numCollectors: 1000, numJobs: 100000}, - } - - for _, allocatorName := range allocation.GetRegisteredAllocatorNames() { - for _, v := range table { - a, _ := allocation.New(allocatorName, logger) - cols := allocation.MakeNCollectors(v.numCollectors, 0) - targets := allocation.MakeNNewTargets(v.numJobs, v.numCollectors, 0) - listenAddr := ":8080" - a.SetCollectors(cols) - a.SetTargets(targets) - s := NewServer(logger, a, listenAddr) - b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", allocatorName, v.numCollectors, v.numJobs), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - randomJob := random.Intn(v.numJobs) //nolint: gosec - randomCol := random.Intn(v.numCollectors) //nolint: gosec - request := httptest.NewRequest("GET", fmt.Sprintf("/jobs/test-job-%d/targets?collector_id=collector-%d", randomJob, randomCol), nil) - w := httptest.NewRecorder() - s.server.Handler.ServeHTTP(w, request) - } - }) - } - } -} - -func BenchmarkScrapeConfigsHandler(b *testing.B) { - random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec - s := &Server{ - logger: logger, - } - - tests := []int{0, 5, 10, 50, 100, 500} - for _, n := range tests { - data := makeNScrapeConfigs(*random, n) - assert.NoError(b, s.UpdateScrapeConfigResponse(data)) - - b.Run(fmt.Sprintf("%d_targets", n), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - gin.SetMode(gin.ReleaseMode) - c.Request = httptest.NewRequest("GET", "/scrape_configs", nil) - - s.ScrapeConfigsHandler(c) - } - }) - } -} - -func BenchmarkCollectorMapJSONHandler(b *testing.B) { - random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec - s := &Server{ - logger: logger, - jsonMarshaller: jsonConfig, - } - - tests := []struct { - numCollectors int - numTargets int - }{ - { - numCollectors: 0, - numTargets: 0, - }, - { - numCollectors: 5, - numTargets: 5, - }, - { - numCollectors: 5, - numTargets: 50, - }, - { - numCollectors: 5, - numTargets: 500, - }, - { - numCollectors: 50, - numTargets: 5, - }, - { - numCollectors: 50, - numTargets: 50, - }, - { - numCollectors: 50, - numTargets: 500, - }, - { - numCollectors: 50, - numTargets: 5000, - }, - } - for _, tc := range tests { - data := makeNCollectorJSON(*random, tc.numCollectors, tc.numTargets) - b.Run(fmt.Sprintf("%d_collectors_%d_targets", tc.numCollectors, tc.numTargets), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - resp := httptest.NewRecorder() - s.jsonHandler(resp, data) - } - }) - } -} - -func BenchmarkTargetItemsJSONHandler(b *testing.B) { - random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec - s := &Server{ - logger: logger, - jsonMarshaller: jsonConfig, - } - - tests := []struct { - numTargets int - numLabels int - }{ - { - numTargets: 0, - numLabels: 0, - }, - { - numTargets: 5, - numLabels: 5, - }, - { - numTargets: 5, - numLabels: 50, - }, - { - numTargets: 50, - numLabels: 5, - }, - { - numTargets: 50, - numLabels: 50, - }, - { - numTargets: 500, - numLabels: 50, - }, - { - numTargets: 500, - numLabels: 500, - }, - { - numTargets: 5000, - numLabels: 50, - }, - { - numTargets: 5000, - numLabels: 500, - }, - } - for _, tc := range tests { - data := makeNTargetItems(*random, tc.numTargets, tc.numLabels) - b.Run(fmt.Sprintf("%d_targets_%d_labels", tc.numTargets, tc.numLabels), func(b *testing.B) { - b.ReportAllocs() - for i := 0; i < b.N; i++ { - resp := httptest.NewRecorder() - s.jsonHandler(resp, data) - } - }) - } -} - -var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_/") - -func randSeq(random rand.Rand, n int) string { - b := make([]rune, n) - for i := range b { - b[i] = letters[random.Intn(len(letters))] //nolint:gosec - } - return string(b) -} - -func makeNScrapeConfigs(random rand.Rand, n int) map[string]*promconfig.ScrapeConfig { - items := make(map[string]*promconfig.ScrapeConfig, n) - for i := 0; i < n; i++ { - items[randSeq(random, 20)] = &promconfig.ScrapeConfig{ - JobName: randSeq(random, 20), - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(time.Minute), - MetricsPath: randSeq(random, 50), - SampleLimit: 5, - TargetLimit: 200, - LabelLimit: 20, - LabelNameLengthLimit: 50, - LabelValueLengthLimit: 100, - } - } - return items -} - -func makeNCollectorJSON(random rand.Rand, numCollectors, numItems int) map[string]collectorJSON { - items := make(map[string]collectorJSON, numCollectors) - for i := 0; i < numCollectors; i++ { - items[randSeq(random, 20)] = collectorJSON{ - Link: randSeq(random, 120), - Jobs: makeNTargetItems(random, numItems, 50), - } - } - return items -} - -func makeNTargetItems(random rand.Rand, numItems, numLabels int) []*target.Item { - items := make([]*target.Item, 0, numItems) - for i := 0; i < numItems; i++ { - items = append(items, target.NewItem( - randSeq(random, 80), - randSeq(random, 150), - makeNNewLabels(random, numLabels), - randSeq(random, 30), - )) - } - return items -} - -func makeNNewLabels(random rand.Rand, n int) model.LabelSet { - labels := make(map[model.LabelName]model.LabelValue, n) - for i := 0; i < n; i++ { - labels[model.LabelName(randSeq(random, 20))] = model.LabelValue(randSeq(random, 20)) - } - return labels -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go deleted file mode 100644 index 160a8e316..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package server - -import ( - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -var _ allocation.Allocator = &mockAllocator{} - -// mockAllocator implements the Allocator interface, but all funcs other than -// TargetItems() are a no-op. -type mockAllocator struct { - targetItems map[string]*target.Item -} - -func (m *mockAllocator) SetCollectors(_ map[string]*allocation.Collector) {} -func (m *mockAllocator) SetTargets(_ map[string]*target.Item) {} -func (m *mockAllocator) Collectors() map[string]*allocation.Collector { return nil } -func (m *mockAllocator) GetTargetsForCollectorAndJob(_ string, _ string) []*target.Item { return nil } -func (m *mockAllocator) SetFilter(_ allocation.Filter) {} - -func (m *mockAllocator) TargetItems() map[string]*target.Item { - return m.targetItems -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go deleted file mode 100644 index 4eb0f3304..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go +++ /dev/null @@ -1,229 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package server - -import ( - "context" - "fmt" - "net/http" - "net/http/pprof" - "net/url" - "strings" - "sync" - "time" - - yaml2 "github.com/ghodss/yaml" - "github.com/gin-gonic/gin" - "github.com/go-logr/logr" - jsoniter "github.com/json-iterator/go" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promauto" - "github.com/prometheus/client_golang/prometheus/promhttp" - promconfig "github.com/prometheus/prometheus/config" - "gopkg.in/yaml.v2" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -var ( - httpDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{ - Name: "amazon_cloudwatch_agent_allocator_http_duration_seconds", - Help: "Duration of received HTTP requests.", - }, []string{"path"}) -) - -var ( - jsonConfig = jsoniter.Config{ - EscapeHTML: false, - MarshalFloatWith6Digits: true, - ObjectFieldMustBeSimpleString: true, - }.Froze() -) - -type collectorJSON struct { - Link string `json:"_link"` - Jobs []*target.Item `json:"targets"` -} - -type Server struct { - logger logr.Logger - allocator allocation.Allocator - server *http.Server - jsonMarshaller jsoniter.API - - // Use RWMutex to protect scrapeConfigResponse, since it - // will be predominantly read and only written when config - // is applied. - mtx sync.RWMutex - scrapeConfigResponse []byte -} - -func NewServer(log logr.Logger, allocator allocation.Allocator, listenAddr string) *Server { - s := &Server{ - logger: log, - allocator: allocator, - jsonMarshaller: jsonConfig, - } - - gin.SetMode(gin.ReleaseMode) - router := gin.New() - router.Use(gin.Recovery()) - router.UseRawPath = true - router.UnescapePathValues = false - router.Use(s.PrometheusMiddleware) - router.GET("/scrape_configs", s.ScrapeConfigsHandler) - router.GET("/jobs", s.JobHandler) - router.GET("/jobs/:job_id/targets", s.TargetsHandler) - router.GET("/metrics", gin.WrapH(promhttp.Handler())) - router.GET("/livez", s.LivenessProbeHandler) - router.GET("/readyz", s.ReadinessProbeHandler) - registerPprof(router.Group("/debug/pprof/")) - - s.server = &http.Server{Addr: listenAddr, Handler: router, ReadHeaderTimeout: 90 * time.Second} - return s -} - -func (s *Server) Start() error { - s.logger.Info("Starting server...") - return s.server.ListenAndServe() -} - -func (s *Server) Shutdown(ctx context.Context) error { - s.logger.Info("Shutting down server...") - return s.server.Shutdown(ctx) -} - -// UpdateScrapeConfigResponse updates the scrape config response. The target allocator first marshals these -// configurations such that the underlying prometheus marshaling is used. After that, the YAML is converted -// in to a JSON format for consumers to use. -func (s *Server) UpdateScrapeConfigResponse(configs map[string]*promconfig.ScrapeConfig) error { - var configBytes []byte - configBytes, err := yaml.Marshal(configs) - if err != nil { - return err - } - var jsonConfig []byte - jsonConfig, err = yaml2.YAMLToJSON(configBytes) - if err != nil { - return err - } - s.mtx.Lock() - s.scrapeConfigResponse = jsonConfig - s.mtx.Unlock() - return nil -} - -// ScrapeConfigsHandler returns the available scrape configuration discovered by the target allocator. -func (s *Server) ScrapeConfigsHandler(c *gin.Context) { - s.mtx.RLock() - result := s.scrapeConfigResponse - s.mtx.RUnlock() - - // We don't use the jsonHandler method because we don't want our bytes to be re-encoded - c.Writer.Header().Set("Content-Type", "application/json") - _, err := c.Writer.Write(result) - if err != nil { - s.errorHandler(c.Writer, err) - } -} - -func (s *Server) ReadinessProbeHandler(c *gin.Context) { - s.mtx.RLock() - result := s.scrapeConfigResponse - s.mtx.RUnlock() - - if result != nil { - c.Status(http.StatusOK) - } else { - c.Status(http.StatusServiceUnavailable) - } -} - -func (s *Server) JobHandler(c *gin.Context) { - displayData := make(map[string]target.LinkJSON) - for _, v := range s.allocator.TargetItems() { - displayData[v.JobName] = target.LinkJSON{Link: v.Link.Link} - } - s.jsonHandler(c.Writer, displayData) -} - -func (s *Server) LivenessProbeHandler(c *gin.Context) { - c.Status(http.StatusOK) -} - -func (s *Server) PrometheusMiddleware(c *gin.Context) { - path := c.FullPath() - timer := prometheus.NewTimer(httpDuration.WithLabelValues(path)) - c.Next() - timer.ObserveDuration() -} - -func (s *Server) TargetsHandler(c *gin.Context) { - q := c.Request.URL.Query()["collector_id"] - - jobIdParam := c.Params.ByName("job_id") - jobId, err := url.QueryUnescape(jobIdParam) - if err != nil { - s.errorHandler(c.Writer, err) - return - } - - if len(q) == 0 { - displayData := GetAllTargetsByJob(s.allocator, jobId) - s.jsonHandler(c.Writer, displayData) - - } else { - tgs := s.allocator.GetTargetsForCollectorAndJob(q[0], jobId) - // Displays empty list if nothing matches - if len(tgs) == 0 { - s.jsonHandler(c.Writer, []interface{}{}) - return - } - s.jsonHandler(c.Writer, tgs) - } -} - -func (s *Server) errorHandler(w http.ResponseWriter, err error) { - w.WriteHeader(http.StatusInternalServerError) - s.jsonHandler(w, err) -} - -func (s *Server) jsonHandler(w http.ResponseWriter, data interface{}) { - w.Header().Set("Content-Type", "application/json") - err := s.jsonMarshaller.NewEncoder(w).Encode(data) - if err != nil { - s.logger.Error(err, "failed to encode data for http response") - } -} - -// GetAllTargetsByJob is a relatively expensive call that is usually only used for debugging purposes. -func GetAllTargetsByJob(allocator allocation.Allocator, job string) map[string]collectorJSON { - displayData := make(map[string]collectorJSON) - for _, col := range allocator.Collectors() { - items := allocator.GetTargetsForCollectorAndJob(col.Name, job) - displayData[col.Name] = collectorJSON{Link: fmt.Sprintf("/jobs/%s/targets?collector_id=%s", url.QueryEscape(job), col.Name), Jobs: items} - } - return displayData -} - -// registerPprof registers the pprof handlers and either serves the requested -// specific profile or falls back to index handler. -func registerPprof(g *gin.RouterGroup) { - g.GET("/*profile", func(c *gin.Context) { - path := c.Param("profile") - switch strings.TrimPrefix(path, "/") { - case "cmdline": - gin.WrapF(pprof.Cmdline)(c) - case "profile": - gin.WrapF(pprof.Profile)(c) - case "symbol": - gin.WrapF(pprof.Symbol)(c) - case "trace": - gin.WrapF(pprof.Trace)(c) - default: - gin.WrapF(pprof.Index)(c) - } - }) -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go deleted file mode 100644 index dc4abdbdb..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go +++ /dev/null @@ -1,606 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package server - -import ( - "encoding/json" - "fmt" - "io" - "net/http" - "net/http/httptest" - "net/url" - "testing" - "time" - - "github.com/prometheus/common/config" - "github.com/prometheus/common/model" - promconfig "github.com/prometheus/prometheus/config" - "github.com/prometheus/prometheus/model/relabel" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "gopkg.in/yaml.v2" - logf "sigs.k8s.io/controller-runtime/pkg/log" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" -) - -var ( - logger = logf.Log.WithName("server-unit-tests") - baseLabelSet = model.LabelSet{ - "test_label": "test-value", - } - testJobLabelSetTwo = model.LabelSet{ - "test_label": "test-value2", - } - baseTargetItem = target.NewItem("test-job", "test-url", baseLabelSet, "test-collector") - secondTargetItem = target.NewItem("test-job", "test-url", baseLabelSet, "test-collector") - testJobTargetItemTwo = target.NewItem("test-job", "test-url2", testJobLabelSetTwo, "test-collector2") -) - -func TestServer_LivenessProbeHandler(t *testing.T) { - consistentHashing, _ := allocation.New("consistent-hashing", logger) - listenAddr := ":8080" - s := NewServer(logger, consistentHashing, listenAddr) - request := httptest.NewRequest("GET", "/livez", nil) - w := httptest.NewRecorder() - - s.server.Handler.ServeHTTP(w, request) - result := w.Result() - - assert.Equal(t, http.StatusOK, result.StatusCode) -} - -func TestServer_TargetsHandler(t *testing.T) { - consistentHashing, _ := allocation.New("consistent-hashing", logger) - type args struct { - collector string - job string - cMap map[string]*target.Item - allocator allocation.Allocator - } - type want struct { - items []*target.Item - errString string - } - tests := []struct { - name string - args args - want want - }{ - { - name: "Empty target map", - args: args{ - collector: "test-collector", - job: "test-job", - cMap: map[string]*target.Item{}, - allocator: consistentHashing, - }, - want: want{ - items: []*target.Item{}, - }, - }, - { - name: "Single entry target map", - args: args{ - collector: "test-collector", - job: "test-job", - cMap: map[string]*target.Item{ - baseTargetItem.Hash(): baseTargetItem, - }, - allocator: consistentHashing, - }, - want: want{ - items: []*target.Item{ - { - TargetURL: []string{"test-url"}, - Labels: map[model.LabelName]model.LabelValue{ - "test_label": "test-value", - }, - }, - }, - }, - }, - { - name: "Multiple entry target map", - args: args{ - collector: "test-collector", - job: "test-job", - cMap: map[string]*target.Item{ - baseTargetItem.Hash(): baseTargetItem, - secondTargetItem.Hash(): secondTargetItem, - }, - allocator: consistentHashing, - }, - want: want{ - items: []*target.Item{ - { - TargetURL: []string{"test-url"}, - Labels: map[model.LabelName]model.LabelValue{ - "test_label": "test-value", - }, - }, - }, - }, - }, - { - name: "Multiple entry target map of same job with label merge", - args: args{ - collector: "test-collector", - job: "test-job", - cMap: map[string]*target.Item{ - baseTargetItem.Hash(): baseTargetItem, - testJobTargetItemTwo.Hash(): testJobTargetItemTwo, - }, - allocator: consistentHashing, - }, - want: want{ - items: []*target.Item{ - { - TargetURL: []string{"test-url"}, - Labels: map[model.LabelName]model.LabelValue{ - "test_label": "test-value", - }, - }, - { - TargetURL: []string{"test-url2"}, - Labels: map[model.LabelName]model.LabelValue{ - "test_label": "test-value2", - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - listenAddr := ":8080" - s := NewServer(logger, tt.args.allocator, listenAddr) - tt.args.allocator.SetCollectors(map[string]*allocation.Collector{"test-collector": {Name: "test-collector"}}) - tt.args.allocator.SetTargets(tt.args.cMap) - request := httptest.NewRequest("GET", fmt.Sprintf("/jobs/%s/targets?collector_id=%s", tt.args.job, tt.args.collector), nil) - w := httptest.NewRecorder() - - s.server.Handler.ServeHTTP(w, request) - result := w.Result() - - assert.Equal(t, http.StatusOK, result.StatusCode) - body := result.Body - bodyBytes, err := io.ReadAll(body) - assert.NoError(t, err) - if len(tt.want.errString) != 0 { - assert.EqualError(t, err, tt.want.errString) - return - } - var itemResponse []*target.Item - err = json.Unmarshal(bodyBytes, &itemResponse) - assert.NoError(t, err) - assert.ElementsMatch(t, tt.want.items, itemResponse) - }) - } -} - -func TestServer_ScrapeConfigsHandler(t *testing.T) { - tests := []struct { - description string - scrapeConfigs map[string]*promconfig.ScrapeConfig - expectedCode int - expectedBody []byte - }{ - { - description: "nil scrape config", - scrapeConfigs: nil, - expectedCode: http.StatusOK, - expectedBody: []byte("{}"), - }, - { - description: "empty scrape config", - scrapeConfigs: map[string]*promconfig.ScrapeConfig{}, - expectedCode: http.StatusOK, - expectedBody: []byte("{}"), - }, - { - description: "single entry", - scrapeConfigs: map[string]*promconfig.ScrapeConfig{ - "serviceMonitor/testapp/testapp/0": { - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - expectedCode: http.StatusOK, - }, - { - description: "multiple entries", - scrapeConfigs: map[string]*promconfig.ScrapeConfig{ - "serviceMonitor/testapp/testapp/0": { - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{ - model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), - model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), - }, - Separator: ";", - Regex: relabel.MustNewRegexp("(testapp);true"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("http"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "namespace", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "service", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "pod", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "container", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - "serviceMonitor/testapp/testapp1/0": { - JobName: "serviceMonitor/testapp/testapp1/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(5 * time.Minute), - ScrapeTimeout: model.Duration(10 * time.Second), - MetricsPath: "/v2/metrics", - Scheme: "http", - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{ - model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), - model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), - }, - Separator: ";", - Regex: relabel.MustNewRegexp("(testapp);true"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("http"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "namespace", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "service", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "pod", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "container", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - "serviceMonitor/testapp/testapp2/0": { - JobName: "serviceMonitor/testapp/testapp2/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Minute), - ScrapeTimeout: model.Duration(2 * time.Minute), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{ - model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), - model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), - }, - Separator: ";", - Regex: relabel.MustNewRegexp("(testapp);true"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("http"), - Replacement: "$$1", - Action: relabel.Keep, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "namespace", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "service", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "pod", - Replacement: "$$1", - Action: relabel.Replace, - }, - { - SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "container", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - expectedCode: http.StatusOK, - }, - } - for _, tc := range tests { - t.Run(tc.description, func(t *testing.T) { - listenAddr := ":8080" - s := NewServer(logger, nil, listenAddr) - assert.NoError(t, s.UpdateScrapeConfigResponse(tc.scrapeConfigs)) - - request := httptest.NewRequest("GET", "/scrape_configs", nil) - w := httptest.NewRecorder() - - s.server.Handler.ServeHTTP(w, request) - result := w.Result() - - assert.Equal(t, tc.expectedCode, result.StatusCode) - bodyBytes, err := io.ReadAll(result.Body) - require.NoError(t, err) - if tc.expectedBody != nil { - assert.Equal(t, tc.expectedBody, bodyBytes) - return - } - scrapeConfigs := map[string]*promconfig.ScrapeConfig{} - err = yaml.Unmarshal(bodyBytes, scrapeConfigs) - require.NoError(t, err) - assert.Equal(t, tc.scrapeConfigs, scrapeConfigs) - }) - } -} - -func TestServer_JobHandler(t *testing.T) { - tests := []struct { - description string - targetItems map[string]*target.Item - expectedCode int - expectedJobs map[string]target.LinkJSON - }{ - { - description: "nil jobs", - targetItems: nil, - expectedCode: http.StatusOK, - expectedJobs: make(map[string]target.LinkJSON), - }, - { - description: "empty jobs", - targetItems: map[string]*target.Item{}, - expectedCode: http.StatusOK, - expectedJobs: make(map[string]target.LinkJSON), - }, - { - description: "one job", - targetItems: map[string]*target.Item{ - "targetitem": target.NewItem("job1", "", model.LabelSet{}, ""), - }, - expectedCode: http.StatusOK, - expectedJobs: map[string]target.LinkJSON{ - "job1": newLink("job1"), - }, - }, - { - description: "multiple jobs", - targetItems: map[string]*target.Item{ - "a": target.NewItem("job1", "", model.LabelSet{}, ""), - "b": target.NewItem("job2", "", model.LabelSet{}, ""), - "c": target.NewItem("job3", "", model.LabelSet{}, ""), - "d": target.NewItem("job3", "", model.LabelSet{}, ""), - "e": target.NewItem("job3", "", model.LabelSet{}, "")}, - expectedCode: http.StatusOK, - expectedJobs: map[string]target.LinkJSON{ - "job1": newLink("job1"), - "job2": newLink("job2"), - "job3": newLink("job3"), - }, - }, - } - for _, tc := range tests { - t.Run(tc.description, func(t *testing.T) { - listenAddr := ":8080" - a := &mockAllocator{targetItems: tc.targetItems} - s := NewServer(logger, a, listenAddr) - request := httptest.NewRequest("GET", "/jobs", nil) - w := httptest.NewRecorder() - - s.server.Handler.ServeHTTP(w, request) - result := w.Result() - - assert.Equal(t, tc.expectedCode, result.StatusCode) - bodyBytes, err := io.ReadAll(result.Body) - require.NoError(t, err) - jobs := map[string]target.LinkJSON{} - err = json.Unmarshal(bodyBytes, &jobs) - require.NoError(t, err) - assert.Equal(t, tc.expectedJobs, jobs) - }) - } -} -func TestServer_Readiness(t *testing.T) { - tests := []struct { - description string - scrapeConfigs map[string]*promconfig.ScrapeConfig - expectedCode int - expectedBody []byte - }{ - { - description: "nil scrape config", - scrapeConfigs: nil, - expectedCode: http.StatusServiceUnavailable, - }, - { - description: "empty scrape config", - scrapeConfigs: map[string]*promconfig.ScrapeConfig{}, - expectedCode: http.StatusOK, - }, - { - description: "single entry", - scrapeConfigs: map[string]*promconfig.ScrapeConfig{ - "serviceMonitor/testapp/testapp/0": { - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - expectedCode: http.StatusOK, - }, - } - for _, tc := range tests { - t.Run(tc.description, func(t *testing.T) { - listenAddr := ":8080" - s := NewServer(logger, nil, listenAddr) - if tc.scrapeConfigs != nil { - assert.NoError(t, s.UpdateScrapeConfigResponse(tc.scrapeConfigs)) - } - - request := httptest.NewRequest("GET", "/readyz", nil) - w := httptest.NewRecorder() - - s.server.Handler.ServeHTTP(w, request) - result := w.Result() - - assert.Equal(t, tc.expectedCode, result.StatusCode) - }) - } -} - -func newLink(jobName string) target.LinkJSON { - return target.LinkJSON{Link: fmt.Sprintf("/jobs/%s/targets", url.QueryEscape(jobName))} -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go deleted file mode 100644 index 5f9924c34..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go +++ /dev/null @@ -1,145 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package target - -import ( - "hash" - "hash/fnv" - - "github.com/go-logr/logr" - "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promauto" - "github.com/prometheus/common/model" - "github.com/prometheus/prometheus/config" - "github.com/prometheus/prometheus/discovery" - "github.com/prometheus/prometheus/model/relabel" - "gopkg.in/yaml.v3" - - allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" -) - -var ( - targetsDiscovered = promauto.NewGaugeVec(prometheus.GaugeOpts{ - Name: "amazon_cloudwatch_agent_allocator_targets", - Help: "Number of targets discovered.", - }, []string{"job_name"}) -) - -type Discoverer struct { - log logr.Logger - manager *discovery.Manager - close chan struct{} - configsMap map[allocatorWatcher.EventSource]*config.Config - hook discoveryHook - scrapeConfigsHash hash.Hash - scrapeConfigsUpdater scrapeConfigsUpdater -} - -type discoveryHook interface { - SetConfig(map[string][]*relabel.Config) -} - -type scrapeConfigsUpdater interface { - UpdateScrapeConfigResponse(map[string]*config.ScrapeConfig) error -} - -func NewDiscoverer(log logr.Logger, manager *discovery.Manager, hook discoveryHook, scrapeConfigsUpdater scrapeConfigsUpdater) *Discoverer { - return &Discoverer{ - log: log, - manager: manager, - close: make(chan struct{}), - configsMap: make(map[allocatorWatcher.EventSource]*config.Config), - hook: hook, - scrapeConfigsUpdater: scrapeConfigsUpdater, - } -} - -func (m *Discoverer) ApplyConfig(source allocatorWatcher.EventSource, cfg *config.Config) error { - if cfg == nil { - m.log.Info("Service Discovery got empty Prometheus config", "source", source.String()) - return nil - } - m.configsMap[source] = cfg - jobToScrapeConfig := make(map[string]*config.ScrapeConfig) - - discoveryCfg := make(map[string]discovery.Configs) - relabelCfg := make(map[string][]*relabel.Config) - - for _, value := range m.configsMap { - for _, scrapeConfig := range value.ScrapeConfigs { - jobToScrapeConfig[scrapeConfig.JobName] = scrapeConfig - discoveryCfg[scrapeConfig.JobName] = scrapeConfig.ServiceDiscoveryConfigs - relabelCfg[scrapeConfig.JobName] = scrapeConfig.RelabelConfigs - } - } - - hash, err := getScrapeConfigHash(jobToScrapeConfig) - if err != nil { - return err - } - // If the hash has changed, updated stored hash and send the new config. - // Otherwise skip updating scrape configs. - if m.scrapeConfigsUpdater != nil && m.scrapeConfigsHash != hash { - err := m.scrapeConfigsUpdater.UpdateScrapeConfigResponse(jobToScrapeConfig) - if err != nil { - return err - } - - m.scrapeConfigsHash = hash - } - - if m.hook != nil { - m.hook.SetConfig(relabelCfg) - } - return m.manager.ApplyConfig(discoveryCfg) -} - -func (m *Discoverer) Watch(fn func(targets map[string]*Item)) error { - for { - select { - case <-m.close: - m.log.Info("Service Discovery watch event stopped: discovery manager closed") - return nil - case tsets := <-m.manager.SyncCh(): - targets := map[string]*Item{} - - for jobName, tgs := range tsets { - var count float64 = 0 - for _, tg := range tgs { - for _, t := range tg.Targets { - count++ - item := NewItem(jobName, string(t[model.AddressLabel]), t.Merge(tg.Labels), "") - targets[item.Hash()] = item - } - } - targetsDiscovered.WithLabelValues(jobName).Set(count) - } - fn(targets) - } - } -} - -func (m *Discoverer) Close() { - close(m.close) -} - -// Calculate a hash for a scrape config map. -// This is done by marshaling to YAML because it's the most straightforward and doesn't run into problems with unexported fields. -func getScrapeConfigHash(jobToScrapeConfig map[string]*config.ScrapeConfig) (hash.Hash64, error) { - var err error - hash := fnv.New64() - yamlEncoder := yaml.NewEncoder(hash) - for jobName, scrapeConfig := range jobToScrapeConfig { - _, err = hash.Write([]byte(jobName)) - if err != nil { - return nil, err - } - err = yamlEncoder.Encode(scrapeConfig) - if err != nil { - return nil, err - } - } - yamlEncoder.Close() - return hash, err -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go deleted file mode 100644 index bd75d7155..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go +++ /dev/null @@ -1,402 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package target - -import ( - "context" - "errors" - "hash" - "sort" - "testing" - "time" - - gokitlog "github.com/go-kit/log" - commonconfig "github.com/prometheus/common/config" - "github.com/prometheus/common/model" - promconfig "github.com/prometheus/prometheus/config" - "github.com/prometheus/prometheus/discovery" - "github.com/prometheus/prometheus/model/relabel" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - ctrl "sigs.k8s.io/controller-runtime" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" - allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" -) - -func TestDiscovery(t *testing.T) { - type args struct { - file string - } - tests := []struct { - name string - args args - want []string - }{ - { - name: "base case", - args: args{ - file: "./testdata/test.yaml", - }, - want: []string{"prom.domain:9001", "prom.domain:9002", "prom.domain:9003", "prom.domain:8001", "promfile.domain:1001", "promfile.domain:3000"}, - }, - { - name: "update", - args: args{ - file: "./testdata/test_update.yaml", - }, - want: []string{"prom.domain:9004", "prom.domain:9005", "promfile.domain:1001", "promfile.domain:3000"}, - }, - } - scu := &mockScrapeConfigUpdater{} - ctx, cancelFunc := context.WithCancel(context.Background()) - d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) - manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) - - defer func() { manager.Close() }() - defer cancelFunc() - - results := make(chan []string) - go func() { - err := d.Run() - assert.Error(t, err) - }() - go func() { - err := manager.Watch(func(targets map[string]*Item) { - var result []string - for _, t := range targets { - result = append(result, t.TargetURL[0]) - } - results <- result - }) - assert.NoError(t, err) - }() - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - cfg := config.CreateDefaultConfig() - err := config.LoadFromFile(tt.args.file, &cfg) - assert.NoError(t, err) - assert.True(t, len(cfg.PromConfig.ScrapeConfigs) > 0) - err = manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, cfg.PromConfig) - assert.NoError(t, err) - - gotTargets := <-results - sort.Strings(gotTargets) - sort.Strings(tt.want) - assert.Equal(t, tt.want, gotTargets) - - // check the updated scrape configs - expectedScrapeConfigs := map[string]*promconfig.ScrapeConfig{} - for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { - expectedScrapeConfigs[scrapeConfig.JobName] = scrapeConfig - } - assert.Equal(t, expectedScrapeConfigs, scu.mockCfg) - }) - } -} - -func TestDiscovery_ScrapeConfigHashing(t *testing.T) { - // these tests are meant to be run sequentially in this order, to test - // that hashing doesn't cause us to send the wrong information. - tests := []struct { - description string - cfg *promconfig.Config - expectErr bool - }{ - { - description: "base config", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "different bool", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: false, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "different job name", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/1", - HonorTimestamps: false, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "different key", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/1", - HonorTimestamps: false, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "unset scrape interval", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/1", - HonorTimestamps: false, - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "different regex", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/testapp/testapp/1", - HonorTimestamps: false, - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.+)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - }, - }, - }, - }, - { - description: "mock error on update - no hash update", - cfg: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "error", - }, - }, - }, - expectErr: true, - }, - } - var ( - lastValidHash hash.Hash - expectedConfig map[string]*promconfig.ScrapeConfig - lastValidConfig map[string]*promconfig.ScrapeConfig - ) - - scu := &mockScrapeConfigUpdater{} - ctx := context.Background() - d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) - manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) - - for _, tc := range tests { - t.Run(tc.description, func(t *testing.T) { - err := manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, tc.cfg) - if !tc.expectErr { - expectedConfig = make(map[string]*promconfig.ScrapeConfig) - for _, value := range manager.configsMap { - for _, scrapeConfig := range value.ScrapeConfigs { - expectedConfig[scrapeConfig.JobName] = scrapeConfig - } - } - assert.NoError(t, err) - assert.NotZero(t, manager.scrapeConfigsHash) - // Assert that scrape configs in manager are correctly - // reflected in the scrape job updater. - assert.Equal(t, expectedConfig, scu.mockCfg) - - lastValidHash = manager.scrapeConfigsHash - lastValidConfig = expectedConfig - } else { - // In case of error, assert that we retain the last - // known valid config. - assert.Error(t, err) - assert.Equal(t, lastValidHash, manager.scrapeConfigsHash) - assert.Equal(t, lastValidConfig, scu.mockCfg) - } - - }) - } -} - -func TestDiscovery_NoConfig(t *testing.T) { - scu := &mockScrapeConfigUpdater{mockCfg: map[string]*promconfig.ScrapeConfig{}} - ctx, cancelFunc := context.WithCancel(context.Background()) - d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) - manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) - defer close(manager.close) - defer cancelFunc() - - go func() { - err := d.Run() - assert.Error(t, err) - }() - // check the updated scrape configs - expectedScrapeConfigs := map[string]*promconfig.ScrapeConfig{} - assert.Equal(t, expectedScrapeConfigs, scu.mockCfg) -} - -func BenchmarkApplyScrapeConfig(b *testing.B) { - numConfigs := 1000 - scrapeConfig := promconfig.ScrapeConfig{ - JobName: "serviceMonitor/testapp/testapp/0", - HonorTimestamps: true, - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(30 * time.Second), - MetricsPath: "/metrics", - Scheme: "http", - HTTPClientConfig: commonconfig.HTTPClientConfig{ - FollowRedirects: true, - }, - RelabelConfigs: []*relabel.Config{ - { - SourceLabels: model.LabelNames{model.LabelName("job")}, - Separator: ";", - Regex: relabel.MustNewRegexp("(.*)"), - TargetLabel: "__tmp_prometheus_job_name", - Replacement: "$$1", - Action: relabel.Replace, - }, - }, - } - cfg := &promconfig.Config{ - ScrapeConfigs: make([]*promconfig.ScrapeConfig, numConfigs), - } - - for i := 0; i < numConfigs; i++ { - cfg.ScrapeConfigs[i] = &scrapeConfig - } - - scu := &mockScrapeConfigUpdater{} - ctx := context.Background() - d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) - manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - err := manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, cfg) - require.NoError(b, err) - } -} - -var _ scrapeConfigsUpdater = &mockScrapeConfigUpdater{} - -// mockScrapeConfigUpdater is a mock implementation of the scrapeConfigsUpdater. -// If a job with name "error" is provided to the UpdateScrapeConfigResponse, -// it will return an error for testing purposes. -type mockScrapeConfigUpdater struct { - mockCfg map[string]*promconfig.ScrapeConfig -} - -func (m *mockScrapeConfigUpdater) UpdateScrapeConfigResponse(cfg map[string]*promconfig.ScrapeConfig) error { - if _, ok := cfg["error"]; ok { - return errors.New("error") - } - - m.mockCfg = cfg - return nil -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go deleted file mode 100644 index fb49e96ec..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package target - -import ( - "fmt" - "net/url" - - "github.com/prometheus/common/model" -) - -// LinkJSON This package contains common structs and methods that relate to scrape targets. -type LinkJSON struct { - Link string `json:"_link"` -} - -type Item struct { - JobName string `json:"-"` - Link LinkJSON `json:"-"` - TargetURL []string `json:"targets"` - Labels model.LabelSet `json:"labels"` - CollectorName string `json:"-"` - hash string -} - -func (t *Item) Hash() string { - return t.hash -} - -// NewItem Creates a new target item. -// INVARIANTS: -// * Item fields must not be modified after creation. -// * Item should only be made via its constructor, never directly. -func NewItem(jobName string, targetURL string, label model.LabelSet, collectorName string) *Item { - return &Item{ - JobName: jobName, - Link: LinkJSON{Link: fmt.Sprintf("/jobs/%s/targets", url.QueryEscape(jobName))}, - hash: jobName + targetURL + label.Fingerprint().String(), - TargetURL: []string{targetURL}, - Labels: label, - CollectorName: collectorName, - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml deleted file mode 100644 index f9582037f..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -label_selector: - app.kubernetes.io/instance: default.test - app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator -config: - scrape_configs: - - job_name: prometheus - - file_sd_configs: - - files: - - ../config/testdata/file_sd_test.json - static_configs: - - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] - labels: - my: label - - job_name: prometheus2 - static_configs: - - targets: ["prom.domain:8001"] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml deleted file mode 100644 index 826b0b410..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml +++ /dev/null @@ -1,14 +0,0 @@ -label_selector: - app.kubernetes.io/instance: default.test - app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator -config: - scrape_configs: - - job_name: prometheus - - file_sd_configs: - - files: - - ../config/testdata/file_sd_test.json - static_configs: - - targets: ["prom.domain:9004", "prom.domain:9005"] - labels: - my: other-label diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go deleted file mode 100644 index d3fa77271..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package watcher - -import ( - "context" - "path/filepath" - - "github.com/fsnotify/fsnotify" - "github.com/go-logr/logr" - promconfig "github.com/prometheus/prometheus/config" - - "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" -) - -var _ Watcher = &FileWatcher{} - -type FileWatcher struct { - logger logr.Logger - configFilePath string - watcher *fsnotify.Watcher - closer chan bool -} - -func NewFileWatcher(logger logr.Logger, configFilePath string) (*FileWatcher, error) { - fileWatcher, err := fsnotify.NewWatcher() - if err != nil { - logger.Error(err, "Can't start the watcher") - return &FileWatcher{}, err - } - - return &FileWatcher{ - logger: logger, - configFilePath: configFilePath, - watcher: fileWatcher, - closer: make(chan bool), - }, nil -} - -func (f *FileWatcher) LoadConfig(_ context.Context) (*promconfig.Config, error) { - cfg := config.CreateDefaultConfig() - err := config.LoadFromFile(f.configFilePath, &cfg) - if err != nil { - f.logger.Error(err, "Unable to load configuration") - return nil, err - } - return cfg.PromConfig, nil -} - -func (f *FileWatcher) Watch(upstreamEvents chan Event, upstreamErrors chan error) error { - err := f.watcher.Add(filepath.Dir(f.configFilePath)) - if err != nil { - return err - } - - for { - select { - case <-f.closer: - return nil - case fileEvent := <-f.watcher.Events: - // Using Op.Has as per this doc - https://github.com/fsnotify/fsnotify/blob/9342b6df577910c6eac718dc62845d8c95f8548b/fsnotify.go#L30 - if fileEvent.Op.Has(fsnotify.Create) || fileEvent.Op.Has(fsnotify.Write) { - f.logger.Info("File change detected", "event", fileEvent.Op.String()) - upstreamEvents <- Event{ - Source: EventSourceConfigMap, - Watcher: Watcher(f), - } - } - case err := <-f.watcher.Errors: - upstreamErrors <- err - } - } -} - -func (f *FileWatcher) Close() error { - f.closer <- true - return f.watcher.Close() -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go deleted file mode 100644 index b85e809fd..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go +++ /dev/null @@ -1,359 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package watcher - -import ( - "context" - "fmt" - "os" - "time" - - "github.com/go-kit/log" - "github.com/go-kit/log/level" - "github.com/go-logr/logr" - monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - promv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" - "github.com/prometheus-operator/prometheus-operator/pkg/assets" - monitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned" - "github.com/prometheus-operator/prometheus-operator/pkg/informers" - "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" - promconfig "github.com/prometheus/prometheus/config" - kubeDiscovery "github.com/prometheus/prometheus/discovery/kubernetes" - "gopkg.in/yaml.v2" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/cache" - - allocatorconfig "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" -) - -const minEventInterval = time.Second * 5 - -func NewPrometheusCRWatcher(logger logr.Logger, cfg allocatorconfig.Config) (*PrometheusCRWatcher, error) { - mClient, err := monitoringclient.NewForConfig(cfg.ClusterConfig) - if err != nil { - return nil, err - } - - clientset, err := kubernetes.NewForConfig(cfg.ClusterConfig) - if err != nil { - return nil, err - } - - factory := informers.NewMonitoringInformerFactories(map[string]struct{}{v1.NamespaceAll: {}}, map[string]struct{}{}, mClient, allocatorconfig.DefaultResyncTime, nil) //TODO decide what strategy to use regarding namespaces - - monitoringInformers, err := getInformers(factory) - if err != nil { - return nil, err - } - - // TODO: We should make these durations configurable - prom := &monitoringv1.Prometheus{ - Spec: monitoringv1.PrometheusSpec{ - CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ - ScrapeInterval: monitoringv1.Duration(cfg.PrometheusCR.ScrapeInterval.String()), - }, - }, - } - - promOperatorLogger := level.NewFilter(log.NewLogfmtLogger(os.Stderr), level.AllowWarn()) - generator, err := prometheus.NewConfigGenerator(promOperatorLogger, prom, true) - - if err != nil { - return nil, err - } - - servMonSelector := getSelector(cfg.ServiceMonitorSelector) - - podMonSelector := getSelector(cfg.PodMonitorSelector) - - return &PrometheusCRWatcher{ - logger: logger, - kubeMonitoringClient: mClient, - k8sClient: clientset, - informers: monitoringInformers, - stopChannel: make(chan struct{}), - eventInterval: minEventInterval, - configGenerator: generator, - kubeConfigPath: cfg.KubeConfigFilePath, - serviceMonitorSelector: servMonSelector, - podMonitorSelector: podMonSelector, - }, nil -} - -type PrometheusCRWatcher struct { - logger logr.Logger - kubeMonitoringClient monitoringclient.Interface - k8sClient kubernetes.Interface - informers map[string]*informers.ForResource - eventInterval time.Duration - stopChannel chan struct{} - configGenerator *prometheus.ConfigGenerator - kubeConfigPath string - - serviceMonitorSelector labels.Selector - podMonitorSelector labels.Selector -} - -func getSelector(s map[string]string) labels.Selector { - if s == nil { - return labels.NewSelector() - } - return labels.SelectorFromSet(s) -} - -// getInformers returns a map of informers for the given resources. -func getInformers(factory informers.FactoriesForNamespaces) (map[string]*informers.ForResource, error) { - serviceMonitorInformers, err := informers.NewInformersForResource(factory, monitoringv1.SchemeGroupVersion.WithResource(monitoringv1.ServiceMonitorName)) - if err != nil { - return nil, err - } - - podMonitorInformers, err := informers.NewInformersForResource(factory, monitoringv1.SchemeGroupVersion.WithResource(monitoringv1.PodMonitorName)) - if err != nil { - return nil, err - } - - return map[string]*informers.ForResource{ - monitoringv1.ServiceMonitorName: serviceMonitorInformers, - monitoringv1.PodMonitorName: podMonitorInformers, - }, nil -} - -// Watch wrapped informers and wait for an initial sync. -func (w *PrometheusCRWatcher) Watch(upstreamEvents chan Event, upstreamErrors chan error) error { - success := true - // this channel needs to be buffered because notifications are asynchronous and neither producers nor consumers wait - notifyEvents := make(chan struct{}, 1) - - for name, resource := range w.informers { - resource.Start(w.stopChannel) - - if ok := cache.WaitForNamedCacheSync(name, w.stopChannel, resource.HasSynced); !ok { - success = false - } - - // only send an event notification if there isn't one already - resource.AddEventHandler(cache.ResourceEventHandlerFuncs{ - // these functions only write to the notification channel if it's empty to avoid blocking - // if scrape config updates are being rate-limited - AddFunc: func(obj interface{}) { - select { - case notifyEvents <- struct{}{}: - default: - } - }, - UpdateFunc: func(oldObj, newObj interface{}) { - select { - case notifyEvents <- struct{}{}: - default: - } - }, - DeleteFunc: func(obj interface{}) { - select { - case notifyEvents <- struct{}{}: - default: - } - }, - }) - } - if !success { - return fmt.Errorf("failed to sync cache") - } - - // limit the rate of outgoing events - w.rateLimitedEventSender(upstreamEvents, notifyEvents) - - <-w.stopChannel - return nil -} - -// rateLimitedEventSender sends events to the upstreamEvents channel whenever it gets a notification on the notifyEvents channel, -// but not more frequently than once per w.eventPeriod. -func (w *PrometheusCRWatcher) rateLimitedEventSender(upstreamEvents chan Event, notifyEvents chan struct{}) { - ticker := time.NewTicker(w.eventInterval) - defer ticker.Stop() - - event := Event{ - Source: EventSourcePrometheusCR, - Watcher: Watcher(w), - } - - for { - select { - case <-w.stopChannel: - return - case <-ticker.C: // throttle events to avoid excessive updates - select { - case <-notifyEvents: - select { - case upstreamEvents <- event: - default: // put the notification back in the queue if we can't send it upstream - select { - case notifyEvents <- struct{}{}: - default: - } - } - default: - } - } - } -} - -func (w *PrometheusCRWatcher) Close() error { - close(w.stopChannel) - return nil -} - -func (w *PrometheusCRWatcher) LoadConfig(ctx context.Context) (*promconfig.Config, error) { - store := assets.NewStore(w.k8sClient.CoreV1(), w.k8sClient.CoreV1()) - serviceMonitorInstances := make(map[string]*monitoringv1.ServiceMonitor) - smRetrieveErr := w.informers[monitoringv1.ServiceMonitorName].ListAll(w.serviceMonitorSelector, func(sm interface{}) { - monitor := sm.(*monitoringv1.ServiceMonitor) - key, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(monitor) - w.addStoreAssetsForServiceMonitor(ctx, monitor.Name, monitor.Namespace, monitor.Spec.Endpoints, store) - serviceMonitorInstances[key] = monitor - }) - if smRetrieveErr != nil { - return nil, smRetrieveErr - } - - podMonitorInstances := make(map[string]*monitoringv1.PodMonitor) - pmRetrieveErr := w.informers[monitoringv1.PodMonitorName].ListAll(w.podMonitorSelector, func(pm interface{}) { - monitor := pm.(*monitoringv1.PodMonitor) - key, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(monitor) - w.addStoreAssetsForPodMonitor(ctx, monitor.Name, monitor.Namespace, monitor.Spec.PodMetricsEndpoints, store) - podMonitorInstances[key] = monitor - }) - if pmRetrieveErr != nil { - return nil, pmRetrieveErr - } - - generatedConfig, err := w.configGenerator.GenerateServerConfiguration( - ctx, - "30s", - "", - nil, - nil, - monitoringv1.TSDBSpec{}, - nil, - nil, - serviceMonitorInstances, - podMonitorInstances, - map[string]*monitoringv1.Probe{}, - map[string]*promv1alpha1.ScrapeConfig{}, - store, - nil, - nil, - nil, - []string{}) - if err != nil { - return nil, err - } - - promCfg := &promconfig.Config{} - unmarshalErr := yaml.Unmarshal(generatedConfig, promCfg) - if unmarshalErr != nil { - return nil, unmarshalErr - } - - // set kubeconfig path to service discovery configs, else kubernetes_sd will always attempt in-cluster - // authentication even if running with a detected kubeconfig - for _, scrapeConfig := range promCfg.ScrapeConfigs { - for _, serviceDiscoveryConfig := range scrapeConfig.ServiceDiscoveryConfigs { - if serviceDiscoveryConfig.Name() == "kubernetes" { - sdConfig := interface{}(serviceDiscoveryConfig).(*kubeDiscovery.SDConfig) - sdConfig.KubeConfig = w.kubeConfigPath - } - } - } - return promCfg, nil -} - -// addStoreAssetsForServiceMonitor adds authentication / authorization related information to the assets store, -// based on the service monitor and endpoints specs. -// This code borrows from -// https://github.com/prometheus-operator/prometheus-operator/blob/06b5c4189f3f72737766d86103d049115c3aff48/pkg/prometheus/resource_selector.go#L73. -func (w *PrometheusCRWatcher) addStoreAssetsForServiceMonitor( - ctx context.Context, - smName, smNamespace string, - endps []monitoringv1.Endpoint, - store *assets.Store, -) { - var err error - for i, endp := range endps { - objKey := fmt.Sprintf("serviceMonitor/%s/%s/%d", smNamespace, smName, i) - - if err = store.AddBearerToken(ctx, smNamespace, endp.BearerTokenSecret, objKey); err != nil { - break - } - - if err = store.AddBasicAuth(ctx, smNamespace, endp.BasicAuth, objKey); err != nil { - break - } - - if endp.TLSConfig != nil { - if err = store.AddTLSConfig(ctx, smNamespace, endp.TLSConfig); err != nil { - break - } - } - - if err = store.AddOAuth2(ctx, smNamespace, endp.OAuth2, objKey); err != nil { - break - } - - smAuthKey := fmt.Sprintf("serviceMonitor/auth/%s/%s/%d", smNamespace, smName, i) - if err = store.AddSafeAuthorizationCredentials(ctx, smNamespace, endp.Authorization, smAuthKey); err != nil { - break - } - } - - if err != nil { - w.logger.Error(err, "Failed to obtain credentials for a ServiceMonitor", "serviceMonitor", smName) - } -} - -// addStoreAssetsForServiceMonitor adds authentication / authorization related information to the assets store, -// based on the service monitor and pod metrics endpoints specs. -// This code borrows from -// https://github.com/prometheus-operator/prometheus-operator/blob/06b5c4189f3f72737766d86103d049115c3aff48/pkg/prometheus/resource_selector.go#L314. -func (w *PrometheusCRWatcher) addStoreAssetsForPodMonitor( - ctx context.Context, - pmName, pmNamespace string, - podMetricsEndps []monitoringv1.PodMetricsEndpoint, - store *assets.Store, -) { - var err error - for i, endp := range podMetricsEndps { - objKey := fmt.Sprintf("podMonitor/%s/%s/%d", pmNamespace, pmName, i) - - if err = store.AddBearerToken(ctx, pmNamespace, &endp.BearerTokenSecret, objKey); err != nil { - break - } - - if err = store.AddBasicAuth(ctx, pmNamespace, endp.BasicAuth, objKey); err != nil { - break - } - - if endp.TLSConfig != nil { - if err = store.AddSafeTLSConfig(ctx, pmNamespace, &endp.TLSConfig.SafeTLSConfig); err != nil { - break - } - } - - if err = store.AddOAuth2(ctx, pmNamespace, endp.OAuth2, objKey); err != nil { - break - } - - smAuthKey := fmt.Sprintf("podMonitor/auth/%s/%s/%d", pmNamespace, pmName, i) - if err = store.AddSafeAuthorizationCredentials(ctx, pmNamespace, endp.Authorization, smAuthKey); err != nil { - break - } - } - - if err != nil { - w.logger.Error(err, "Failed to obtain credentials for a PodMonitor", "podMonitor", pmName) - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go deleted file mode 100644 index 17a4ed46a..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go +++ /dev/null @@ -1,416 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package watcher - -import ( - "context" - "testing" - "time" - - "github.com/go-kit/log" - monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - fakemonitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/fake" - "github.com/prometheus-operator/prometheus-operator/pkg/informers" - "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" - "github.com/prometheus/common/config" - "github.com/prometheus/common/model" - promconfig "github.com/prometheus/prometheus/config" - "github.com/prometheus/prometheus/discovery" - kubeDiscovery "github.com/prometheus/prometheus/discovery/kubernetes" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/fake" - "k8s.io/client-go/tools/cache" -) - -func TestLoadConfig(t *testing.T) { - tests := []struct { - name string - serviceMonitor *monitoringv1.ServiceMonitor - podMonitor *monitoringv1.PodMonitor - want *promconfig.Config - wantErr bool - }{ - { - name: "simple test", - serviceMonitor: &monitoringv1.ServiceMonitor{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - Namespace: "test", - }, - Spec: monitoringv1.ServiceMonitorSpec{ - JobLabel: "test", - Endpoints: []monitoringv1.Endpoint{ - { - Port: "web", - }, - }, - }, - }, - podMonitor: &monitoringv1.PodMonitor{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - Namespace: "test", - }, - Spec: monitoringv1.PodMonitorSpec{ - JobLabel: "test", - PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ - { - Port: "web", - }, - }, - }, - }, - want: &promconfig.Config{ - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/test/simple/0", - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - HonorTimestamps: true, - HonorLabels: false, - Scheme: "http", - MetricsPath: "/metrics", - ServiceDiscoveryConfigs: []discovery.Config{ - &kubeDiscovery.SDConfig{ - Role: "endpointslice", - NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ - Names: []string{"test"}, - IncludeOwnNamespace: false, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - { - JobName: "podMonitor/test/simple/0", - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - HonorTimestamps: true, - HonorLabels: false, - Scheme: "http", - MetricsPath: "/metrics", - ServiceDiscoveryConfigs: []discovery.Config{ - &kubeDiscovery.SDConfig{ - Role: "pod", - NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ - Names: []string{"test"}, - IncludeOwnNamespace: false, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - }, - }, - }, - { - name: "basic auth (serviceMonitor)", - serviceMonitor: &monitoringv1.ServiceMonitor{ - ObjectMeta: metav1.ObjectMeta{ - Name: "auth", - Namespace: "test", - }, - Spec: monitoringv1.ServiceMonitorSpec{ - JobLabel: "auth", - Endpoints: []monitoringv1.Endpoint{ - { - Port: "web", - BasicAuth: &monitoringv1.BasicAuth{ - Username: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "basic-auth", - }, - Key: "username", - }, - Password: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "basic-auth", - }, - Key: "password", - }, - }, - }, - }, - Selector: metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "auth", - }, - }, - }, - }, - want: &promconfig.Config{ - GlobalConfig: promconfig.GlobalConfig{}, - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "serviceMonitor/test/auth/0", - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - HonorTimestamps: true, - HonorLabels: false, - Scheme: "http", - MetricsPath: "/metrics", - ServiceDiscoveryConfigs: []discovery.Config{ - &kubeDiscovery.SDConfig{ - Role: "endpointslice", - NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ - Names: []string{"test"}, - IncludeOwnNamespace: false, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - }, - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - EnableHTTP2: true, - BasicAuth: &config.BasicAuth{ - Username: "admin", - Password: "password", - }, - }, - }, - }, - }, - }, - { - name: "bearer token (podMonitor)", - podMonitor: &monitoringv1.PodMonitor{ - ObjectMeta: metav1.ObjectMeta{ - Name: "bearer", - Namespace: "test", - }, - Spec: monitoringv1.PodMonitorSpec{ - JobLabel: "bearer", - PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ - { - Port: "web", - BearerTokenSecret: v1.SecretKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "bearer", - }, - Key: "token", - }, - }, - }, - }, - }, - want: &promconfig.Config{ - GlobalConfig: promconfig.GlobalConfig{}, - ScrapeConfigs: []*promconfig.ScrapeConfig{ - { - JobName: "podMonitor/test/bearer/0", - ScrapeInterval: model.Duration(30 * time.Second), - ScrapeTimeout: model.Duration(10 * time.Second), - HonorTimestamps: true, - HonorLabels: false, - Scheme: "http", - MetricsPath: "/metrics", - ServiceDiscoveryConfigs: []discovery.Config{ - &kubeDiscovery.SDConfig{ - Role: "pod", - NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ - Names: []string{"test"}, - IncludeOwnNamespace: false, - }, - HTTPClientConfig: config.DefaultHTTPClientConfig, - }, - }, - HTTPClientConfig: config.HTTPClientConfig{ - FollowRedirects: true, - EnableHTTP2: true, - Authorization: &config.Authorization{ - Type: "Bearer", - Credentials: "bearer-token", - }, - }, - }, - }, - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - w := getTestPrometheusCRWatcher(t, tt.serviceMonitor, tt.podMonitor) - for _, informer := range w.informers { - // Start informers in order to populate cache. - informer.Start(w.stopChannel) - } - - // Wait for informers to sync. - for _, informer := range w.informers { - for !informer.HasSynced() { - time.Sleep(50 * time.Millisecond) - } - } - - got, err := w.LoadConfig(context.Background()) - assert.NoError(t, err) - - sanitizeScrapeConfigsForTest(got.ScrapeConfigs) - assert.Equal(t, tt.want.ScrapeConfigs, got.ScrapeConfigs) - }) - } -} - -func TestRateLimit(t *testing.T) { - var err error - serviceMonitor := &monitoringv1.ServiceMonitor{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - Namespace: "test", - }, - Spec: monitoringv1.ServiceMonitorSpec{ - JobLabel: "test", - Endpoints: []monitoringv1.Endpoint{ - { - Port: "web", - }, - }, - }, - } - events := make(chan Event, 1) - eventInterval := 5 * time.Millisecond - - w := getTestPrometheusCRWatcher(t, nil, nil) - defer w.Close() - w.eventInterval = eventInterval - - go func() { - watchErr := w.Watch(events, make(chan error)) - require.NoError(t, watchErr) - }() - // we don't have a simple way to wait for the watch to actually add event handlers to the informer, - // instead, we just update a ServiceMonitor periodically and wait until we get a notification - _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Create(context.Background(), serviceMonitor, metav1.CreateOptions{}) - require.NoError(t, err) - - // wait for cache sync first - for _, informer := range w.informers { - success := cache.WaitForCacheSync(w.stopChannel, informer.HasSynced) - require.True(t, success) - } - - require.Eventually(t, func() bool { - _, createErr := w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) - if createErr != nil { - return false - } - select { - case <-events: - return true - default: - return false - } - }, eventInterval*2, time.Millisecond) - - // it's difficult to measure the rate precisely - // what we do, is send two updates, and then assert that the elapsed time is between eventInterval and 3*eventInterval - startTime := time.Now() - _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) - require.NoError(t, err) - require.Eventually(t, func() bool { - select { - case <-events: - return true - default: - return false - } - }, eventInterval*2, time.Millisecond) - _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) - require.NoError(t, err) - require.Eventually(t, func() bool { - select { - case <-events: - return true - default: - return false - } - }, eventInterval*2, time.Millisecond) - elapsedTime := time.Since(startTime) - assert.Less(t, eventInterval, elapsedTime) - assert.GreaterOrEqual(t, eventInterval*3, elapsedTime) - -} - -// getTestPrometheuCRWatcher creates a test instance of PrometheusCRWatcher with fake clients -// and test secrets. -func getTestPrometheusCRWatcher(t *testing.T, sm *monitoringv1.ServiceMonitor, pm *monitoringv1.PodMonitor) *PrometheusCRWatcher { - mClient := fakemonitoringclient.NewSimpleClientset() - if sm != nil { - _, err := mClient.MonitoringV1().ServiceMonitors("test").Create(context.Background(), sm, metav1.CreateOptions{}) - if err != nil { - t.Fatal(t, err) - } - } - if pm != nil { - _, err := mClient.MonitoringV1().PodMonitors("test").Create(context.Background(), pm, metav1.CreateOptions{}) - if err != nil { - t.Fatal(t, err) - } - } - - k8sClient := fake.NewSimpleClientset() - _, err := k8sClient.CoreV1().Secrets("test").Create(context.Background(), &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "basic-auth", - Namespace: "test", - }, - Data: map[string][]byte{"username": []byte("admin"), "password": []byte("password")}, - }, metav1.CreateOptions{}) - if err != nil { - t.Fatal(t, err) - } - _, err = k8sClient.CoreV1().Secrets("test").Create(context.Background(), &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "bearer", - Namespace: "test", - }, - Data: map[string][]byte{"token": []byte("bearer-token")}, - }, metav1.CreateOptions{}) - if err != nil { - t.Fatal(t, err) - } - - factory := informers.NewMonitoringInformerFactories(map[string]struct{}{v1.NamespaceAll: {}}, map[string]struct{}{}, mClient, 0, nil) - informers, err := getInformers(factory) - if err != nil { - t.Fatal(t, err) - } - - prom := &monitoringv1.Prometheus{ - Spec: monitoringv1.PrometheusSpec{ - CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ - ScrapeInterval: monitoringv1.Duration("30s"), - }, - }, - } - - generator, err := prometheus.NewConfigGenerator(log.NewNopLogger(), prom, true) - if err != nil { - t.Fatal(t, err) - } - - return &PrometheusCRWatcher{ - kubeMonitoringClient: mClient, - k8sClient: k8sClient, - informers: informers, - configGenerator: generator, - serviceMonitorSelector: getSelector(nil), - podMonitorSelector: getSelector(nil), - stopChannel: make(chan struct{}), - } -} - -// Remove relable configs fields from scrape configs for testing, -// since these are mutated and tested down the line with the hook(s). -func sanitizeScrapeConfigsForTest(scs []*promconfig.ScrapeConfig) { - for _, sc := range scs { - sc.RelabelConfigs = nil - sc.MetricRelabelConfigs = nil - } -} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go deleted file mode 100644 index 49b2cef87..000000000 --- a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package watcher - -import ( - "context" - - promconfig "github.com/prometheus/prometheus/config" -) - -type Watcher interface { - // Watch watcher and supply channels which will receive change events - Watch(upstreamEvents chan Event, upstreamErrors chan error) error - LoadConfig(ctx context.Context) (*promconfig.Config, error) - Close() error -} - -type Event struct { - Source EventSource - Watcher Watcher -} - -type EventSource int - -const ( - EventSourceConfigMap EventSource = iota - EventSourcePrometheusCR -) - -var ( - eventSourceToString = map[EventSource]string{ - EventSourceConfigMap: "EventSourceConfigMap", - EventSourcePrometheusCR: "EventSourcePrometheusCR", - } -) - -func (e EventSource) String() string { - return eventSourceToString[e] -} diff --git a/go.mod b/go.mod index a2f4b7372..cd83fe187 100644 --- a/go.mod +++ b/go.mod @@ -9,37 +9,23 @@ replace github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api require ( dario.cat/mergo v1.0.0 - github.com/buraksezer/consistent v0.10.0 - github.com/cespare/xxhash/v2 v2.2.0 - github.com/fsnotify/fsnotify v1.7.0 - github.com/ghodss/yaml v1.0.0 - github.com/gin-gonic/gin v1.10.0 - github.com/go-kit/log v0.2.1 github.com/go-logr/logr v1.4.1 github.com/google/uuid v1.6.0 - github.com/json-iterator/go v1.1.12 github.com/mitchellh/mapstructure v1.5.0 - github.com/oklog/run v1.1.0 github.com/openshift/api v3.9.0+incompatible - github.com/prometheus-operator/prometheus-operator v0.70.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 - github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0 - github.com/prometheus/client_golang v1.17.0 - github.com/prometheus/common v0.45.0 github.com/prometheus/prometheus v0.48.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 go.opentelemetry.io/collector/featuregate v0.77.0 go.opentelemetry.io/otel v1.21.0 go.uber.org/zap v1.25.0 - golang.org/x/exp v0.0.0-20231127185646-65229373498e + golang.org/x/exp v0.0.0-20231006140011-7918f672742d gopkg.in/yaml.v2 v2.4.0 - gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.0 k8s.io/client-go v0.29.0 k8s.io/component-base v0.29.0 - k8s.io/klog/v2 v2.110.1 k8s.io/kubectl v0.29.0 k8s.io/utils v0.0.0-20231127182322-b307cd553661 sigs.k8s.io/controller-runtime v0.16.3 @@ -57,58 +43,38 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect github.com/armon/go-metrics v0.4.1 // indirect - github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.45.25 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver/v4 v4.0.0 // indirect - github.com/bytedance/sonic v1.11.6 // indirect - github.com/bytedance/sonic/loader v0.1.1 // indirect - github.com/cloudwego/base64x v0.1.4 // indirect - github.com/cloudwego/iasm v0.2.0 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect github.com/containerd/log v0.1.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/dennwc/varint v1.0.0 // indirect github.com/digitalocean/godo v1.104.1 // indirect github.com/distribution/reference v0.5.0 // indirect github.com/docker/docker v25.0.6+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/edsrzf/mmap-go v1.1.0 // indirect - github.com/efficientgo/core v1.0.0-rc.2 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/envoyproxy/go-control-plane v0.11.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.7.0 // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect - github.com/gin-contrib/sse v0.1.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.2.4 // indirect - github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.4 // indirect github.com/go-openapi/jsonpointer v0.20.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/loads v0.21.2 // indirect - github.com/go-openapi/runtime v0.26.0 // indirect - github.com/go-openapi/spec v0.20.9 // indirect - github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-openapi/validate v0.22.1 // indirect - github.com/go-playground/locales v0.14.1 // indirect - github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.20.0 // indirect github.com/go-resty/resty/v2 v2.7.0 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect - github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/golang/snappy v0.0.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -139,75 +105,66 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/jpillora/backoff v1.0.0 // indirect - github.com/klauspost/compress v1.17.1 // indirect - github.com/klauspost/cpuid/v2 v2.2.7 // indirect + github.com/json-iterator/go v1.1.12 // indirect github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/leodido/go-urn v1.4.0 // indirect github.com/linode/linodego v1.23.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect - github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/miekg/dns v1.1.56 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect - github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/operator-framework/operator-lib v0.11.0 // indirect github.com/ovh/go-ovh v1.4.3 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus-community/prom-label-proxy v0.7.0 // indirect - github.com/prometheus/alertmanager v0.26.0 // indirect + github.com/prometheus/client_golang v1.17.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/common/sigv4 v0.1.0 // indirect github.com/prometheus/procfs v0.11.1 // indirect github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/stretchr/objx v0.5.2 // indirect - github.com/twitchyliquid64/golang-asm v0.15.1 // indirect - github.com/ugorji/go/codec v1.2.12 // indirect github.com/vultr/govultr/v2 v2.17.2 // indirect - go.mongodb.org/mongo-driver v1.12.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/goleak v1.2.1 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/arch v0.8.0 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.147.0 // indirect - google.golang.org/appengine v1.6.8 // indirect + google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect google.golang.org/grpc v1.58.3 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.29.0 // indirect - k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index df92b5074..1c05684b4 100644 --- a/go.sum +++ b/go.sum @@ -59,12 +59,9 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mx github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DATA-DOG/go-sqlmock v1.4.1/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -78,28 +75,17 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= -github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4= github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= -github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= -github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/buraksezer/consistent v0.10.0 h1:hqBgz1PvNLC5rkWcEBVAL9dFMBWz6I0VgUCW25rrZlU= -github.com/buraksezer/consistent v0.10.0/go.mod h1:6BrVajWq7wbKZlTOUPs/XVfR8c0maujuPowduSpZqmw= -github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0= -github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4= -github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM= -github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -112,10 +98,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y= -github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= -github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= -github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -127,8 +109,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dennwc/varint v1.0.0 h1:kGNFFSSw8ToIy3obO/kKr8U9GZYUAxQEVuix4zfDWzE= -github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA= github.com/digitalocean/godo v1.104.1 h1:SZNxjAsskM/su0YW9P8Wx3gU0W1Z13b6tZlYNpl5BnA= github.com/digitalocean/godo v1.104.1/go.mod h1:VAI/L5YDzMuPRU01lEEUSQ/sp5Z//1HnnFv/RBTEdbg= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= @@ -141,10 +121,6 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= -github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= -github.com/efficientgo/core v1.0.0-rc.2 h1:7j62qHLnrZqO3V3UA0AqOGd5d5aXV3AX6m/NZBHp78I= -github.com/efficientgo/core v1.0.0-rc.2/go.mod h1:FfGdkzWarkuzOlY04VY+bGfb1lWrjaL6x/GLcQ4vJps= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -155,10 +131,10 @@ github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= -github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= +github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -168,14 +144,6 @@ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBd github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU= -github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -198,53 +166,14 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= -github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= -github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= -github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= -github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= -github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= -github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= -github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= -github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= -github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= -github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= -github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= -github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= -github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= -github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= -github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= -github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= -github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= -github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= -github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -252,32 +181,6 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-zookeeper/zk v1.0.3 h1:7M2kwOsc//9VeeFiPtf+uSJlVpU66x9Ba5+8XK7/TDg= github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= -github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= -github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= -github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= -github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= -github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= -github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= -github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= -github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= -github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= -github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= -github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= -github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= -github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= -github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= -github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= -github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -311,12 +214,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -356,7 +255,6 @@ github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0Z github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -431,18 +329,17 @@ github.com/hetznercloud/hcloud-go/v2 v2.4.0/go.mod h1:l7fA5xsncFBzQTyw29/dw5Yr88 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/ionos-cloud/sdk-go/v6 v6.1.9 h1:Iq3VIXzeEbc8EbButuACgfLMiY5TPVWUPNrF+Vsddo4= github.com/ionos-cloud/sdk-go/v6 v6.1.9/go.mod h1:EzEgRIDxBELvfoa/uBN0kOQaqovLjUWEB7iW4/Q+t4k= github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= @@ -457,21 +354,11 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= -github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.17.1 h1:NE3C767s2ak2bweCZo3+rdP4U/HoyVXLv/X9f2gPS5g= -github.com/klauspost/compress v1.17.1/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= -github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= -github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -484,17 +371,10 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= -github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/linode/linodego v1.23.0 h1:s0ReCZtuN9Z1IoUN9w1RLeYO1dMZUGPwOQ/IBFsBHtU= github.com/linode/linodego v1.23.0/go.mod h1:0U7wj/UQOqBNbKv1FYTXiBUXueR8DY4HvIotwE0ENgg= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= @@ -511,12 +391,10 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g= github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= -github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a h1:0usWxe5SGXKQovz3p+BiQ81Jy845xSMu2CWKuXsXuUM= -github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a/go.mod h1:3OETvrxfELvGsU2RoGGWercfeZ4bCL3+SOwzIWtJH/Q= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE= @@ -527,8 +405,6 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= @@ -540,7 +416,6 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= @@ -548,11 +423,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= -github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= @@ -563,16 +433,13 @@ github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrB github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/openshift/api v0.0.0-20180801171038-322a19404e37 h1:05irGU4HK4IauGGDbsk+ZHrm1wOzMLYjMlfaiqMrBYc= github.com/openshift/api v0.0.0-20180801171038-322a19404e37/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= -github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= +github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -584,20 +451,11 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/prometheus-community/prom-label-proxy v0.7.0 h1:1iNHXF7V8z2iOCinEyxKDUHu2jppPAAd6PmBCi3naok= -github.com/prometheus-community/prom-label-proxy v0.7.0/go.mod h1:wR9C/Mwp5aBbiqM6gQ+FZdFRwL8pCzzhsje8lTAx/aA= -github.com/prometheus-operator/prometheus-operator v0.70.0 h1:kMufKWvqJl08Kh0oue3VLmTsowYKKqCQJa7tqXo+DJI= -github.com/prometheus-operator/prometheus-operator v0.70.0/go.mod h1:a/P8ufM+z7gkt4QpWEHWPARs/8bhRBkyZN5pjUl5RMk= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 h1:CFTvpkpVP4EXXZuaZuxpikAoma8xVha/IZKMDc9lw+Y= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0/go.mod h1:npfc20mPOAu7ViOVnATVMbI7PoXvW99EzgJVqkAomIQ= -github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0 h1:PpdpJDS1MyMSLILG+Y0hgzVQ3tu6qEkRD0gR/UuvSZk= -github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0/go.mod h1:4I5Rt6iIu95JBYYaDYA+Er+YBfUwIq9Pwh5TEoBmawg= -github.com/prometheus/alertmanager v0.26.0 h1:uOMJWfIwJguc3NaM3appWNbbrh6G/OjvaHMk22aBBYc= -github.com/prometheus/alertmanager v0.26.0/go.mod h1:rVcnARltVjavgVaNnmevxK7kOn7IZavyf0KNgHkbEpU= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= @@ -613,8 +471,8 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= +github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -626,8 +484,6 @@ github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwa github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/prometheus/prometheus v0.48.1 h1:CTszphSNTXkuCG6O0IfpKdHcJkvvnAAE1GbELKS+NFk= github.com/prometheus/prometheus v0.48.1/go.mod h1:SRw624aMAxTfryAcP8rOjg4S/sHHaetx2lyJJ2nM83g= -github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -640,16 +496,12 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/shoenig/test v0.6.6 h1:Oe8TPH9wAbv++YPNDKJWUnI8Q4PPWCx3UbOfH+FxiMU= github.com/shoenig/test v0.6.6/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -661,43 +513,22 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= -github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= -github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE= -github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs= github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= -github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= -github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= -go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE= -go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -724,8 +555,6 @@ go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+ go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= @@ -735,20 +564,14 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= -golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= -golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= -golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= @@ -762,8 +585,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No= -golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -822,7 +645,6 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= -golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -836,13 +658,12 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -860,13 +681,10 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -898,7 +716,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -911,7 +728,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= @@ -925,32 +741,25 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= @@ -1019,8 +828,8 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1083,13 +892,12 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -1106,13 +914,10 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= -gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= +gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1132,15 +937,13 @@ k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a h1:ZeIPbyHHqahGIbeyLJJjAUhnxCKqXaDY+n89Ms8szyA= -k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= @@ -1149,5 +952,5 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From cf4a6ada33d5e98ad3cbd77c878482e7498f825e Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 12:33:20 -0400 Subject: [PATCH 80/99] Revert "Merge branch 'main' into merge-main" This reverts commit 55c57ff09983e5c77725d4767fc4f4226f08d115, reversing changes made to 59fb829958975b958511e0fc9432c4f24bbe5e1e. --- versions.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/versions.txt b/versions.txt index 4c7c50deb..0133818fc 100644 --- a/versions.txt +++ b/versions.txt @@ -4,9 +4,6 @@ cloudwatch-agent=1.300041.0b681 # Represents the current release of the CloudWatch Agent Operator. operator=1.4.1 -# Represents the current release of the Target Allocator. -target-allocator=0.90.0 - # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 From 05fccd446a549d4703a8b6424ce17732b88ca4be Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 13:34:30 -0400 Subject: [PATCH 81/99] Revert last 5 commits. --- .../application-signals-e2e-test.yml | 10 +- .github/workflows/eks-add-on-integ-test.yml | 9 +- .../workflows/operator-integration-test.yml | 48 +- Dockerfile | 3 +- Makefile | 23 +- README.md | 1 + RELEASE_NOTES | 7 + .../Dockerfile | 19 + .../allocation/allocator.go | 60 ++ .../allocation/consistent_hashing.go | 284 ++++++++ .../allocation/consistent_hashing_test.go | 136 ++++ .../allocation/strategy.go | 118 ++++ .../allocation/strategy_test.go | 125 ++++ .../collector/collector.go | 132 ++++ .../collector/collector_test.go | 210 ++++++ .../config/config.go | 170 +++++ .../config/config_test.go | 212 ++++++ .../config/flags.go | 59 ++ .../config/flags_test.go | 86 +++ .../config/testdata/config_test.yaml | 17 + .../config/testdata/file_sd_test.json | 18 + .../config/testdata/no_config.yaml | 0 .../testdata/pod_service_selector_test.yaml | 14 + .../diff/diff.go | 52 ++ .../diff/diff_test.go | 97 +++ .../main.go | 230 +++++++ .../prehook/prehook.go | 53 ++ .../prehook/relabel.go | 99 +++ .../prehook/relabel_test.go | 259 ++++++++ .../server/bench_test.go | 259 ++++++++ .../server/mocks_test.go | 27 + .../server/server.go | 229 +++++++ .../server/server_test.go | 606 ++++++++++++++++++ .../target/discovery.go | 145 +++++ .../target/discovery_test.go | 402 ++++++++++++ .../target/target.go | 44 ++ .../target/testdata/test.yaml | 17 + .../target/testdata/test_update.yaml | 14 + .../watcher/file.go | 79 +++ .../watcher/promOperator.go | 359 +++++++++++ .../watcher/promOperator_test.go | 416 ++++++++++++ .../watcher/watcher.go | 40 ++ go.mod | 81 ++- go.sum | 255 +++++++- .../eks/resourceCount_linuxonly_test.go | 4 +- .../eks/resourceCount_windowslinux_test.go | 4 +- .../eks/validateResources_test.go | 27 +- .../generator/k8s_versions_matrix.json | 3 + .../validate_annotation_daemonset_test.go | 32 +- .../validate_annotation_methods.go | 25 +- .../validate_annotations_deployment_test.go | 45 +- .../validate_annotations_namespace_test.go | 46 +- .../validate_annotations_statefulset_test.go | 39 +- ..._instrumentation_nodejs_env_variables.json | 11 + .../nodejs/sample-deployment-nodejs.yaml | 20 + internal/manifests/collector/ports.go | 49 +- internal/manifests/collector/ports_test.go | 131 ++-- .../test-resources/application_signals.json | 7 + .../multipleReceiversAgentConfig.json | 3 +- main.go | 12 +- pkg/instrumentation/auto/config.go | 3 + pkg/instrumentation/auto/config_test.go | 10 + pkg/instrumentation/defaultinstrumentation.go | 32 +- .../defaultinstrumentation_test.go | 111 +++- pkg/instrumentation/podmutator_test.go | 3 +- versions.txt | 10 +- 66 files changed, 5937 insertions(+), 214 deletions(-) create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/config.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/main.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/server.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/target.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go create mode 100644 cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go create mode 100644 integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json create mode 100644 integration-tests/nodejs/sample-deployment-nodejs.yaml create mode 100644 internal/manifests/collector/test-resources/application_signals.json diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index efff61fb4..ca753f04b 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -23,7 +23,7 @@ concurrency: jobs: java-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-eks-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -33,7 +33,7 @@ jobs: java-metric-limiter-e2e-test: needs: [ java-eks-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-metric-limiter-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/metric-limiter-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -42,7 +42,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} java-k8s-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/java-k8s-test.yml@main secrets: inherit with: aws-region: us-east-1 @@ -50,7 +50,7 @@ jobs: cw-agent-operator-tag: ${{ inputs.tag }} python-eks-e2e-test: - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-eks-test.yml@main needs: [ java-metric-limiter-e2e-test ] secrets: inherit with: @@ -61,7 +61,7 @@ jobs: python-k8s-e2e-test: needs: [ java-k8s-e2e-test ] - uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-e2e-test.yml@main + uses: aws-observability/aws-application-signals-test-framework/.github/workflows/python-k8s-test.yml@main secrets: inherit with: aws-region: us-east-1 diff --git a/.github/workflows/eks-add-on-integ-test.yml b/.github/workflows/eks-add-on-integ-test.yml index f959b882b..d16388c77 100644 --- a/.github/workflows/eks-add-on-integ-test.yml +++ b/.github/workflows/eks-add-on-integ-test.yml @@ -83,18 +83,17 @@ jobs: - name: Confirm EKS Version Support run: | - if [[ + if [[ $(go list -m k8s.io/client-go | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/apimachinery | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/component-base | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) || $(go list -m k8s.io/kubectl | cut -d ' ' -f 2 | cut -d '.' -f 2) -lt $( echo ${{ matrix.arrays.k8sVersion }} | cut -d '.' -f 2) - ]]; then + ]]; then echo k8s.io/client-go $(go list -m k8s.io/client-go) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/apimachinery $(go list -m k8s.io/apimachinery) is less than ${{ matrix.arrays.k8sVersion }} echo or k8s.io/component-base $(go list -m k8s.io/component-base) is less than ${{ matrix.arrays.k8sVersion }} - echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }}, fail test - echo "please run go get -u && go mod tidy" - exit 1; + echo or k8s.io/kubectl $(go list -m k8s.io/kubectl) is less than ${{ matrix.arrays.k8sVersion }} + echo "[WARNING] Kubernetes dependencies are lower than the latest Kubernetes cluster version. Please check changelog to ensure no breaking changes: https://kubernetes.io/releases/" fi - name: Verify Terraform version diff --git a/.github/workflows/operator-integration-test.yml b/.github/workflows/operator-integration-test.yml index 463e9d0c3..e19b475f8 100644 --- a/.github/workflows/operator-integration-test.yml +++ b/.github/workflows/operator-integration-test.yml @@ -127,6 +127,27 @@ jobs: go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation + - name: Test for default instrumentation resources for nodejs + run: | + kubectl delete pods --all -n default + sleep 5 + cat integration-tests/nodejs/sample-deployment-nodejs.yaml + kubectl apply -f integration-tests/nodejs/sample-deployment-nodejs.yaml + sleep 5 + kubectl wait --for=condition=Available deployment/nginx -n default + kubectl get pods -A + kubectl describe pods -n default + go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json + + - name: Test for defined instrumentation resources for nodejs + run: | + kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml + kubectl delete pods --all -n default + sleep 5 + kubectl wait --for=condition=Available deployment/nginx -n default + sleep 5 + go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json + kubectl delete instrumentation sample-instrumentation - name: Test for default instrumentation resources for all languages run: | @@ -142,7 +163,8 @@ jobs: kubectl apply -f integration-tests/manifests/sample-instrumentation.yaml kubectl delete pods --all -n default sleep 5 - kubectl wait --for=condition=Ready pod --all -n default + kubectl wait --for=condition=Available deployment/nginx -n default + sleep 5 go run integration-tests/manifests/cmd/validate_instrumentation_vars.go default integration-tests/manifests/cmd/ns_instrumentation_env_variables.json kubectl delete instrumentation sample-instrumentation @@ -183,11 +205,12 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-deployment.yaml kubectl get pods -A kubectl describe pods -n default - sleep 5 + sleep 10 go test -v -run TestAllLanguagesDeployment ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -195,6 +218,8 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestNodeJSOnlyDeployment ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestAnnotationsOnMultipleResources ./integration-tests/manifests/annotations -timeout 30m DaemonsetAnnotationsTest: @@ -233,11 +258,12 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-daemonset.yaml sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesDaemonSet ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 @@ -245,6 +271,8 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestNodeJSOnlyDaemonSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestAutoAnnotationForManualAnnotationRemoval ./integration-tests/manifests/annotations -timeout 30m StatefulsetAnnotationsTest: @@ -283,16 +311,20 @@ jobs: - name: Test Annotations run: | - kubectl apply -f integration-tests/manifests/sample-statefulset.yaml - sleep 5 kubectl get pods -A kubectl describe pods -n default go test -v -run TestAllLanguagesStatefulSet ./integration-tests/manifests/annotations -timeout 30m + kubectl get pods -A + kubectl describe pods -n default sleep 5 go test -v -run TestJavaOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 go test -v -run TestPythonOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m sleep 5 + go test -v -run TestDotNetOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 + go test -v -run TestNodeJSOnlyStatefulSet ./integration-tests/manifests/annotations -timeout 30m + sleep 5 go test -v -run TestOnlyNonAnnotatedAppsShouldBeRestarted ./integration-tests/manifests/annotations -timeout 30m @@ -342,4 +374,6 @@ jobs: sleep 5 go test -v -run TestDotNetOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m sleep 5 - go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m + go test -v -run TestNodeJSOnlyNamespace ./integration-tests/manifests/annotations -timeout 30m + sleep 5 + go test -v -run TestAlreadyAutoAnnotatedResourceShouldNotRestart ./integration-tests/manifests/annotations -timeout 30m \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index d0764f1fc..b84b082f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,12 +27,13 @@ ARG AGENT_VERSION ARG AUTO_INSTRUMENTATION_JAVA_VERSION ARG AUTO_INSTRUMENTATION_PYTHON_VERSION ARG AUTO_INSTRUMENTATION_DOTNET_VERSION +ARG AUTO_INSTRUMENTATION_NODEJS_VERSION ARG DCMG_EXPORTER_VERSION ARG NEURON_MONITOR_VERSION ARG TARGET_ALLOCATOR_VERSION # Build -RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION} " -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -ldflags="-X ${VERSION_PKG}.version=${VERSION} -X ${VERSION_PKG}.buildDate=${VERSION_DATE} -X ${VERSION_PKG}.agent=${AGENT_VERSION} -X ${VERSION_PKG}.autoInstrumentationJava=${AUTO_INSTRUMENTATION_JAVA_VERSION} -X ${VERSION_PKG}.autoInstrumentationPython=${AUTO_INSTRUMENTATION_PYTHON_VERSION} -X ${VERSION_PKG}.autoInstrumentationDotNet=${AUTO_INSTRUMENTATION_DOTNET_VERSION} -X ${VERSION_PKG}.autoInstrumentationNodeJS=${AUTO_INSTRUMENTATION_NODEJS_VERSION} -X ${VERSION_PKG}.dcgmExporter=${DCMG_EXPORTER_VERSION} -X ${VERSION_PKG}.neuronMonitor=${NEURON_MONITOR_VERSION} -X ${VERSION_PKG}.targetAllocator=${TARGET_ALLOCATOR_VERSION}" -a -o manager main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 2523acd77..a1d5d2ebb 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ AGENT_VERSION ?= "$(shell grep -v '\#' versions.txt | grep cloudwatch-agent | aw AUTO_INSTRUMENTATION_JAVA_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-java-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_PYTHON_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-python-instrumentation | awk -F= '{print $$2}')" AUTO_INSTRUMENTATION_DOTNET_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-dotnet-instrumentation | awk -F= '{print $$2}')" +AUTO_INSTRUMENTATION_NODEJS_VERSION ?= "$(shell grep -v '\#' versions.txt | grep aws-otel-nodejs-instrumentation | awk -F= '{print $$2}')" DCGM_EXPORTER_VERSION ?= "$(shell grep -v '\#' versions.txt | grep dcgm-exporter | awk -F= '{print $$2}')" NEURON_MONITOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep neuron-monitor | awk -F= '{print $$2}')" TARGET_ALLOCATOR_VERSION ?= "$(shell grep -v '\#' versions.txt | grep target-allocator | awk -F= '{print $$2}')" @@ -16,6 +17,9 @@ IMG_REPO ?= cloudwatch-agent-operator IMG ?= ${IMG_PREFIX}/${IMG_REPO}:${VERSION} ARCH ?= $(shell go env GOARCH) +TARGET_ALLOCATOR_IMG_REPO ?= target-allocator +TARGET_ALLOCATOR_IMG ?= ${IMG_PREFIX}/${TARGET_ALLOCATOR_IMG_REPO}:${TARGET_ALLOCATOR_VERSION} + # Options for 'bundle-build' ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) @@ -96,6 +100,10 @@ test: generate fmt vet envtest .PHONY: manager manager: generate fmt vet go build -o bin/manager main.go +# Build target allocator binary +.PHONY: targetallocator +targetallocator: + cd cmd/amazon-cloudwatch-agent-target-allocator && CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(ARCH) go build -installsuffix cgo -o bin/targetallocator_${ARCH} -ldflags "${LDFLAGS}" . # Run against the configured Kubernetes cluster in ~/.kube/config .PHONY: run @@ -155,13 +163,26 @@ generate: controller-gen api-docs # buildx is used to ensure same results for arm based systems (m1/2 chips) .PHONY: container container: - docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . + docker buildx build --load --platform linux/${ARCH} -t ${IMG} --build-arg VERSION_PKG=${VERSION_PKG} --build-arg VERSION=${VERSION} --build-arg VERSION_DATE=${VERSION_DATE} --build-arg AGENT_VERSION=${AGENT_VERSION} --build-arg AUTO_INSTRUMENTATION_JAVA_VERSION=${AUTO_INSTRUMENTATION_JAVA_VERSION} --build-arg AUTO_INSTRUMENTATION_PYTHON_VERSION=${AUTO_INSTRUMENTATION_PYTHON_VERSION} --build-arg AUTO_INSTRUMENTATION_DOTNET_VERSION=${AUTO_INSTRUMENTATION_DOTNET_VERSION} --build-arg AUTO_INSTRUMENTATION_NODEJS_VERSION=${AUTO_INSTRUMENTATION_NODEJS_VERSION} --build-arg DCGM_EXPORTER_VERSION=${DCGM_EXPORTER_VERSION} --build-arg NEURON_MONITOR_VERSION=${NEURON_MONITOR_VERSION} --build-arg TARGET_ALLOCATOR_VERSION=${TARGET_ALLOCATOR_VERSION} . # Push the container image, used only for local dev purposes .PHONY: container-push container-push: docker push ${IMG} +.PHONY: container-target-allocator-push +container-target-allocator-push: + docker push ${TARGET_ALLOCATOR_IMG} + +.PHONY: container-target-allocator +container-target-allocator: GOOS = linux +container-target-allocator: targetallocator + docker buildx build --load --platform linux/${ARCH} -t ${TARGET_ALLOCATOR_IMG} cmd/amazon-cloudwatch-agent-target-allocator + +.PHONY: ta-build-and-push +ta-build-and-push: container-target-allocator +ta-build-and-push: container-target-allocator-push + .PHONY: kustomize kustomize: ## Download kustomize locally if necessary. $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) diff --git a/README.md b/README.md index c7b30c028..706926de2 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Supported Languages: - Java - Python - .NET +- NodeJS This repo is based off of the [OpenTelemetry Operator](https://github.com/open-telemetry/opentelemetry-operator) diff --git a/RELEASE_NOTES b/RELEASE_NOTES index 4fd0a5445..940371afe 100644 --- a/RELEASE_NOTES +++ b/RELEASE_NOTES @@ -1,6 +1,13 @@ +======================================================================== +Amazon CloudWatch Agent Operator v1.7.0 (2024-09-03) +======================================================================== +Enhancements: +* [ApplicationSignals] Support NodeJS auto-instrumentation on Linux platforms + ======================================================================== Amazon CloudWatch Agent Operator v1.6.0 (2024-07-30) ======================================================================== +Enhancements: * [ApplicationSignals] Allow configurable resource requests and limits for auto-instrumentation SDK init containers (#196) ======================================================================== diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile b/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile new file mode 100644 index 000000000..1a2b9b7a2 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/Dockerfile @@ -0,0 +1,19 @@ +# Get CA certificates from the Alpine package repo +FROM alpine:3.18 as certificates + +RUN apk --no-cache add ca-certificates + +# Start a new stage from scratch +FROM scratch + +ARG TARGETARCH + +WORKDIR /root/ + +# Copy the certs +COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + +# Copy binary built on the host +COPY bin/targetallocator_${TARGETARCH} ./main + +ENTRYPOINT ["./main"] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go new file mode 100644 index 000000000..ad55f7e4e --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/allocator.go @@ -0,0 +1,60 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package allocation + +import ( + "fmt" + "strconv" + + "github.com/prometheus/common/model" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +func colIndex(index, numCols int) int { + if numCols == 0 { + return -1 + } + return index % numCols +} + +func MakeNNewTargets(n int, numCollectors int, startingIndex int) map[string]*target.Item { + toReturn := map[string]*target.Item{} + for i := startingIndex; i < n+startingIndex; i++ { + collector := fmt.Sprintf("collector-%d", colIndex(i, numCollectors)) + label := model.LabelSet{ + "collector": model.LabelValue(collector), + "i": model.LabelValue(strconv.Itoa(i)), + "total": model.LabelValue(strconv.Itoa(n + startingIndex)), + } + newTarget := target.NewItem(fmt.Sprintf("test-job-%d", i), fmt.Sprintf("test-url-%d", i), label, collector) + toReturn[newTarget.Hash()] = newTarget + } + return toReturn +} + +func MakeNCollectors(n int, startingIndex int) map[string]*Collector { + toReturn := map[string]*Collector{} + for i := startingIndex; i < n+startingIndex; i++ { + collector := fmt.Sprintf("collector-%d", i) + toReturn[collector] = &Collector{ + Name: collector, + NumTargets: 0, + } + } + return toReturn +} + +func MakeNNewTargetsWithEmptyCollectors(n int, startingIndex int) map[string]*target.Item { + toReturn := map[string]*target.Item{} + for i := startingIndex; i < n+startingIndex; i++ { + label := model.LabelSet{ + "i": model.LabelValue(strconv.Itoa(i)), + "total": model.LabelValue(strconv.Itoa(n + startingIndex)), + } + newTarget := target.NewItem(fmt.Sprintf("test-job-%d", i), fmt.Sprintf("test-url-%d", i), label, "") + toReturn[newTarget.Hash()] = newTarget + } + return toReturn +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go new file mode 100644 index 000000000..4bff39eee --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing.go @@ -0,0 +1,284 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package allocation + +import ( + "strings" + "sync" + + "github.com/buraksezer/consistent" + "github.com/cespare/xxhash/v2" + "github.com/go-logr/logr" + "github.com/prometheus/client_golang/prometheus" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/diff" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +var _ Allocator = &consistentHashingAllocator{} + +const consistentHashingStrategyName = "consistent-hashing" + +type hasher struct{} + +func (h hasher) Sum64(data []byte) uint64 { + return xxhash.Sum64(data) +} + +type consistentHashingAllocator struct { + // m protects consistentHasher, collectors and targetItems for concurrent use. + m sync.RWMutex + + consistentHasher *consistent.Consistent + + // collectors is a map from a Collector's name to a Collector instance + // collectorKey -> collector pointer + collectors map[string]*Collector + + // targetItems is a map from a target item's hash to the target items allocated state + // targetItem hash -> target item pointer + targetItems map[string]*target.Item + + // collectorKey -> job -> target item hash -> true + targetItemsPerJobPerCollector map[string]map[string]map[string]bool + + log logr.Logger + + filter Filter +} + +func newConsistentHashingAllocator(log logr.Logger, opts ...AllocationOption) Allocator { + config := consistent.Config{ + PartitionCount: 1061, + ReplicationFactor: 5, + Load: 1.1, + Hasher: hasher{}, + } + consistentHasher := consistent.New(nil, config) + chAllocator := &consistentHashingAllocator{ + consistentHasher: consistentHasher, + collectors: make(map[string]*Collector), + targetItems: make(map[string]*target.Item), + targetItemsPerJobPerCollector: make(map[string]map[string]map[string]bool), + log: log, + } + for _, opt := range opts { + opt(chAllocator) + } + + return chAllocator +} + +// SetFilter sets the filtering hook to use. +func (c *consistentHashingAllocator) SetFilter(filter Filter) { + c.filter = filter +} + +// addCollectorTargetItemMapping keeps track of which collector has which jobs and targets +// this allows the allocator to respond without any extra allocations to http calls. The caller of this method +// has to acquire a lock. +func (c *consistentHashingAllocator) addCollectorTargetItemMapping(tg *target.Item) { + if c.targetItemsPerJobPerCollector[tg.CollectorName] == nil { + c.targetItemsPerJobPerCollector[tg.CollectorName] = make(map[string]map[string]bool) + } + if c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName] == nil { + c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName] = make(map[string]bool) + } + c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName][tg.Hash()] = true +} + +// addTargetToTargetItems assigns a target to the collector based on its hash and adds it to the allocator's targetItems +// This method is called from within SetTargets and SetCollectors, which acquire the needed lock. +// This is only called after the collectors are cleared or when a new target has been found in the tempTargetMap. +// INVARIANT: c.collectors must have at least 1 collector set. +// NOTE: by not creating a new target item, there is the potential for a race condition where we modify this target +// item while it's being encoded by the server JSON handler. +func (c *consistentHashingAllocator) addTargetToTargetItems(tg *target.Item) { + // Check if this is a reassignment, if so, decrement the previous collector's NumTargets + if previousColName, ok := c.collectors[tg.CollectorName]; ok { + previousColName.NumTargets-- + delete(c.targetItemsPerJobPerCollector[tg.CollectorName][tg.JobName], tg.Hash()) + TargetsPerCollector.WithLabelValues(previousColName.String(), consistentHashingStrategyName).Set(float64(c.collectors[previousColName.String()].NumTargets)) + } + colOwner := c.consistentHasher.LocateKey([]byte(strings.Join(tg.TargetURL, ""))) + tg.CollectorName = colOwner.String() + c.targetItems[tg.Hash()] = tg + c.addCollectorTargetItemMapping(tg) + c.collectors[colOwner.String()].NumTargets++ + TargetsPerCollector.WithLabelValues(colOwner.String(), consistentHashingStrategyName).Set(float64(c.collectors[colOwner.String()].NumTargets)) +} + +// handleTargets receives the new and removed targets and reconciles the current state. +// Any removals are removed from the allocator's targetItems and unassigned from the corresponding collector. +// Any net-new additions are assigned to the next available collector. +func (c *consistentHashingAllocator) handleTargets(diff diff.Changes[*target.Item]) { + // Check for removals + for k, item := range c.targetItems { + // if the current item is in the removals list + if _, ok := diff.Removals()[k]; ok { + col := c.collectors[item.CollectorName] + col.NumTargets-- + delete(c.targetItems, k) + delete(c.targetItemsPerJobPerCollector[item.CollectorName][item.JobName], item.Hash()) + TargetsPerCollector.WithLabelValues(item.CollectorName, consistentHashingStrategyName).Set(float64(col.NumTargets)) + } + } + + // Check for additions + for k, item := range diff.Additions() { + // Do nothing if the item is already there + if _, ok := c.targetItems[k]; ok { + continue + } else { + // Add item to item pool and assign a collector + c.addTargetToTargetItems(item) + } + } +} + +// handleCollectors receives the new and removed collectors and reconciles the current state. +// Any removals are removed from the allocator's collectors. New collectors are added to the allocator's collector map. +// Finally, update all targets' collectors to match the consistent hashing. +func (c *consistentHashingAllocator) handleCollectors(diff diff.Changes[*Collector]) { + // Clear removed collectors + for _, k := range diff.Removals() { + delete(c.collectors, k.Name) + delete(c.targetItemsPerJobPerCollector, k.Name) + c.consistentHasher.Remove(k.Name) + TargetsPerCollector.WithLabelValues(k.Name, consistentHashingStrategyName).Set(0) + } + // Insert the new collectors + for _, i := range diff.Additions() { + c.collectors[i.Name] = NewCollector(i.Name) + c.consistentHasher.Add(c.collectors[i.Name]) + } + + // Re-Allocate all targets + for _, item := range c.targetItems { + c.addTargetToTargetItems(item) + } +} + +// SetTargets accepts a list of targets that will be used to make +// load balancing decisions. This method should be called when there are +// new targets discovered or existing targets are shutdown. +func (c *consistentHashingAllocator) SetTargets(targets map[string]*target.Item) { + timer := prometheus.NewTimer(TimeToAssign.WithLabelValues("SetTargets", consistentHashingStrategyName)) + defer timer.ObserveDuration() + + if c.filter != nil { + targets = c.filter.Apply(targets) + } + RecordTargetsKept(targets) + + c.m.Lock() + defer c.m.Unlock() + + if len(c.collectors) == 0 { + c.log.Info("No collector instances present, saving targets to allocate to collector(s)") + // If there were no targets discovered previously, assign this as the new set of target items + if len(c.targetItems) == 0 { + c.log.Info("Not discovered any targets previously, saving targets found to the targetItems set") + for k, item := range targets { + c.targetItems[k] = item + } + } else { + // If there were previously discovered targets, add or remove accordingly + targetsDiffEmptyCollectorSet := diff.Maps(c.targetItems, targets) + + // Check for additions + if len(targetsDiffEmptyCollectorSet.Additions()) > 0 { + c.log.Info("New targets discovered, adding new targets to the targetItems set") + for k, item := range targetsDiffEmptyCollectorSet.Additions() { + // Do nothing if the item is already there + if _, ok := c.targetItems[k]; ok { + continue + } else { + // Add item to item pool + c.targetItems[k] = item + } + } + } + + // Check for deletions + if len(targetsDiffEmptyCollectorSet.Removals()) > 0 { + c.log.Info("Targets removed, Removing targets from the targetItems set") + for k := range targetsDiffEmptyCollectorSet.Removals() { + // Delete item from target items + delete(c.targetItems, k) + } + } + } + return + } + // Check for target changes + targetsDiff := diff.Maps(c.targetItems, targets) + // If there are any additions or removals + if len(targetsDiff.Additions()) != 0 || len(targetsDiff.Removals()) != 0 { + c.handleTargets(targetsDiff) + } +} + +// SetCollectors sets the set of collectors with key=collectorName, value=Collector object. +// This method is called when Collectors are added or removed. +func (c *consistentHashingAllocator) SetCollectors(collectors map[string]*Collector) { + timer := prometheus.NewTimer(TimeToAssign.WithLabelValues("SetCollectors", consistentHashingStrategyName)) + defer timer.ObserveDuration() + + CollectorsAllocatable.WithLabelValues(consistentHashingStrategyName).Set(float64(len(collectors))) + if len(collectors) == 0 { + c.log.Info("No collector instances present") + return + } + + c.m.Lock() + defer c.m.Unlock() + + // Check for collector changes + collectorsDiff := diff.Maps(c.collectors, collectors) + if len(collectorsDiff.Additions()) != 0 || len(collectorsDiff.Removals()) != 0 { + c.handleCollectors(collectorsDiff) + } + c.log.Info("Setting collector completed") +} + +func (c *consistentHashingAllocator) GetTargetsForCollectorAndJob(collector string, job string) []*target.Item { + c.m.RLock() + defer c.m.RUnlock() + if _, ok := c.targetItemsPerJobPerCollector[collector]; !ok { + return []*target.Item{} + } + if _, ok := c.targetItemsPerJobPerCollector[collector][job]; !ok { + return []*target.Item{} + } + targetItemsCopy := make([]*target.Item, len(c.targetItemsPerJobPerCollector[collector][job])) + index := 0 + for targetHash := range c.targetItemsPerJobPerCollector[collector][job] { + targetItemsCopy[index] = c.targetItems[targetHash] + index++ + } + return targetItemsCopy +} + +// TargetItems returns a shallow copy of the targetItems map. +func (c *consistentHashingAllocator) TargetItems() map[string]*target.Item { + c.m.RLock() + defer c.m.RUnlock() + targetItemsCopy := make(map[string]*target.Item) + for k, v := range c.targetItems { + targetItemsCopy[k] = v + } + return targetItemsCopy +} + +// Collectors returns a shallow copy of the collectors map. +func (c *consistentHashingAllocator) Collectors() map[string]*Collector { + c.m.RLock() + defer c.m.RUnlock() + collectorsCopy := make(map[string]*Collector) + for k, v := range c.collectors { + collectorsCopy[k] = v + } + return collectorsCopy +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go new file mode 100644 index 000000000..8070c0ed2 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/consistent_hashing_test.go @@ -0,0 +1,136 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package allocation + +import ( + "testing" + + "github.com/stretchr/testify/assert" + logf "sigs.k8s.io/controller-runtime/pkg/log" +) + +var logger = logf.Log.WithName("unit-tests") + +func TestCanSetSingleTarget(t *testing.T) { + cols := MakeNCollectors(3, 0) + c := newConsistentHashingAllocator(logger) + c.SetCollectors(cols) + c.SetTargets(MakeNNewTargets(1, 3, 0)) + actualTargetItems := c.TargetItems() + assert.Len(t, actualTargetItems, 1) + for _, item := range actualTargetItems { + assert.Equal(t, "collector-0", item.CollectorName) + } +} + +func TestRelativelyEvenDistribution(t *testing.T) { + numCols := 15 + numItems := 10000 + cols := MakeNCollectors(numCols, 0) + var expectedPerCollector = float64(numItems / numCols) + expectedDelta := (expectedPerCollector * 1.5) - expectedPerCollector + c := newConsistentHashingAllocator(logger) + c.SetCollectors(cols) + c.SetTargets(MakeNNewTargets(numItems, 0, 0)) + actualTargetItems := c.TargetItems() + assert.Len(t, actualTargetItems, numItems) + actualCollectors := c.Collectors() + assert.Len(t, actualCollectors, numCols) + for _, col := range actualCollectors { + assert.InDelta(t, col.NumTargets, expectedPerCollector, expectedDelta) + } +} + +func TestFullReallocation(t *testing.T) { + cols := MakeNCollectors(10, 0) + c := newConsistentHashingAllocator(logger) + c.SetCollectors(cols) + c.SetTargets(MakeNNewTargets(10000, 10, 0)) + actualTargetItems := c.TargetItems() + assert.Len(t, actualTargetItems, 10000) + actualCollectors := c.Collectors() + assert.Len(t, actualCollectors, 10) + newCols := MakeNCollectors(10, 10) + c.SetCollectors(newCols) + updatedTargetItems := c.TargetItems() + assert.Len(t, updatedTargetItems, 10000) + updatedCollectors := c.Collectors() + assert.Len(t, updatedCollectors, 10) + for _, item := range updatedTargetItems { + _, ok := updatedCollectors[item.CollectorName] + assert.True(t, ok, "Some items weren't reallocated correctly") + } +} + +func TestNumRemapped(t *testing.T) { + numItems := 10_000 + numInitialCols := 15 + numFinalCols := 16 + expectedDelta := float64((numFinalCols - numInitialCols) * (numItems / numFinalCols)) + cols := MakeNCollectors(numInitialCols, 0) + c := newConsistentHashingAllocator(logger) + c.SetCollectors(cols) + c.SetTargets(MakeNNewTargets(numItems, numInitialCols, 0)) + actualTargetItems := c.TargetItems() + assert.Len(t, actualTargetItems, numItems) + actualCollectors := c.Collectors() + assert.Len(t, actualCollectors, numInitialCols) + newCols := MakeNCollectors(numFinalCols, 0) + c.SetCollectors(newCols) + updatedTargetItems := c.TargetItems() + assert.Len(t, updatedTargetItems, numItems) + updatedCollectors := c.Collectors() + assert.Len(t, updatedCollectors, numFinalCols) + countRemapped := 0 + countNotRemapped := 0 + for _, item := range updatedTargetItems { + previousItem, ok := actualTargetItems[item.Hash()] + assert.True(t, ok) + if previousItem.CollectorName != item.CollectorName { + countRemapped++ + } else { + countNotRemapped++ + } + } + assert.InDelta(t, numItems/numFinalCols, countRemapped, expectedDelta) +} + +func TestTargetsWithNoCollectorsConsistentHashing(t *testing.T) { + + c := newConsistentHashingAllocator(logger) + + // Adding 10 new targets + numItems := 10 + c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItems, 0)) + actualTargetItems := c.TargetItems() + assert.Len(t, actualTargetItems, numItems) + + // Adding 5 new targets, and removing the old 10 targets + numItemsUpdate := 5 + c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItemsUpdate, 10)) + actualTargetItemsUpdated := c.TargetItems() + assert.Len(t, actualTargetItemsUpdated, numItemsUpdate) + + // Adding 5 new targets, and one existing target + numItemsUpdate = 6 + c.SetTargets(MakeNNewTargetsWithEmptyCollectors(numItemsUpdate, 14)) + actualTargetItemsUpdated = c.TargetItems() + assert.Len(t, actualTargetItemsUpdated, numItemsUpdate) + + // Adding collectors to test allocation + numCols := 2 + cols := MakeNCollectors(2, 0) + c.SetCollectors(cols) + var expectedPerCollector = float64(numItemsUpdate / numCols) + expectedDelta := (expectedPerCollector * 1.5) - expectedPerCollector + // Checking to see that there is no change to number of targets + actualTargetItems = c.TargetItems() + assert.Len(t, actualTargetItems, numItemsUpdate) + // Checking to see collectors are added correctly + actualCollectors := c.Collectors() + assert.Len(t, actualCollectors, numCols) + for _, col := range actualCollectors { + assert.InDelta(t, col.NumTargets, expectedPerCollector, expectedDelta) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go new file mode 100644 index 000000000..5f5285ece --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy.go @@ -0,0 +1,118 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package allocation + +import ( + "errors" + "fmt" + + "github.com/buraksezer/consistent" + "github.com/go-logr/logr" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +type AllocatorProvider func(log logr.Logger, opts ...AllocationOption) Allocator + +var ( + registry = map[string]AllocatorProvider{} + + // TargetsPerCollector records how many targets have been assigned to each collector. + // It is currently the responsibility of the strategy to track this information. + TargetsPerCollector = promauto.NewGaugeVec(prometheus.GaugeOpts{ + Name: "cloudwatch_agent_allocator_targets_per_collector", + Help: "The number of targets for each collector.", + }, []string{"collector_name", "strategy"}) + CollectorsAllocatable = promauto.NewGaugeVec(prometheus.GaugeOpts{ + Name: "cloudwatch_agent_allocator_collectors_allocatable", + Help: "Number of collectors the allocator is able to allocate to.", + }, []string{"strategy"}) + TimeToAssign = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Name: "cloudwatch_agent_allocator_time_to_allocate", + Help: "The time it takes to allocate", + }, []string{"method", "strategy"}) + targetsRemaining = promauto.NewCounter(prometheus.CounterOpts{ + Name: "cloudwatch_agent_allocator_targets_remaining", + Help: "Number of targets kept after filtering.", + }) +) + +type AllocationOption func(Allocator) + +type Filter interface { + Apply(map[string]*target.Item) map[string]*target.Item +} + +func WithFilter(filter Filter) AllocationOption { + return func(allocator Allocator) { + allocator.SetFilter(filter) + } +} + +func RecordTargetsKept(targets map[string]*target.Item) { + targetsRemaining.Add(float64(len(targets))) +} + +func New(name string, log logr.Logger, opts ...AllocationOption) (Allocator, error) { + if p, ok := registry[name]; ok { + return p(log.WithValues("allocator", name), opts...), nil + } + return nil, fmt.Errorf("unregistered strategy: %s", name) +} + +func Register(name string, provider AllocatorProvider) error { + if _, ok := registry[name]; ok { + return errors.New("already registered") + } + registry[name] = provider + return nil +} + +func GetRegisteredAllocatorNames() []string { + var names []string + for s := range registry { + names = append(names, s) + } + return names +} + +type Allocator interface { + SetCollectors(collectors map[string]*Collector) + SetTargets(targets map[string]*target.Item) + TargetItems() map[string]*target.Item + Collectors() map[string]*Collector + GetTargetsForCollectorAndJob(collector string, job string) []*target.Item + SetFilter(filter Filter) +} + +var _ consistent.Member = Collector{} + +// Collector Creates a struct that holds Collector information. +// This struct will be parsed into endpoint with Collector and jobs info. +// This struct can be extended with information like annotations and labels in the future. +type Collector struct { + Name string + NumTargets int +} + +func (c Collector) Hash() string { + return c.Name +} + +func (c Collector) String() string { + return c.Name +} + +func NewCollector(name string) *Collector { + return &Collector{Name: name} +} + +func init() { + err := Register(consistentHashingStrategyName, newConsistentHashingAllocator) + if err != nil { + panic(err) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go new file mode 100644 index 000000000..0437ed021 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/allocation/strategy_test.go @@ -0,0 +1,125 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package allocation + +import ( + "fmt" + "reflect" + "testing" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/diff" +) + +func BenchmarkGetAllTargetsByCollectorAndJob(b *testing.B) { + var table = []struct { + numCollectors int + numJobs int + }{ + {numCollectors: 100, numJobs: 100}, + {numCollectors: 100, numJobs: 1000}, + {numCollectors: 100, numJobs: 10000}, + {numCollectors: 100, numJobs: 100000}, + {numCollectors: 1000, numJobs: 100}, + {numCollectors: 1000, numJobs: 1000}, + {numCollectors: 1000, numJobs: 10000}, + {numCollectors: 1000, numJobs: 100000}, + } + for _, s := range GetRegisteredAllocatorNames() { + for _, v := range table { + a, err := New(s, logger) + if err != nil { + b.Log(err) + b.Fail() + } + cols := MakeNCollectors(v.numCollectors, 0) + jobs := MakeNNewTargets(v.numJobs, v.numCollectors, 0) + a.SetCollectors(cols) + a.SetTargets(jobs) + b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", s, v.numCollectors, v.numJobs), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + a.GetTargetsForCollectorAndJob(fmt.Sprintf("collector-%d", v.numCollectors/2), fmt.Sprintf("test-job-%d", v.numJobs/2)) + } + }) + } + } +} + +func Benchmark_Setting(b *testing.B) { + var table = []struct { + numCollectors int + numTargets int + }{ + {numCollectors: 100, numTargets: 100}, + {numCollectors: 100, numTargets: 1000}, + {numCollectors: 100, numTargets: 10000}, + {numCollectors: 100, numTargets: 100000}, + {numCollectors: 1000, numTargets: 100}, + {numCollectors: 1000, numTargets: 1000}, + {numCollectors: 1000, numTargets: 10000}, + {numCollectors: 1000, numTargets: 100000}, + } + + for _, s := range GetRegisteredAllocatorNames() { + for _, v := range table { + a, _ := New(s, logger) + cols := MakeNCollectors(v.numCollectors, 0) + targets := MakeNNewTargets(v.numTargets, v.numCollectors, 0) + b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", s, v.numCollectors, v.numTargets), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + a.SetCollectors(cols) + a.SetTargets(targets) + } + }) + } + } +} + +func TestCollectorDiff(t *testing.T) { + collector0 := NewCollector("collector-0") + collector1 := NewCollector("collector-1") + collector2 := NewCollector("collector-2") + collector3 := NewCollector("collector-3") + collector4 := NewCollector("collector-4") + type args struct { + current map[string]*Collector + new map[string]*Collector + } + tests := []struct { + name string + args args + want diff.Changes[*Collector] + }{ + { + name: "diff two collector maps", + args: args{ + current: map[string]*Collector{ + "collector-0": collector0, + "collector-1": collector1, + "collector-2": collector2, + "collector-3": collector3, + }, + new: map[string]*Collector{ + "collector-0": collector0, + "collector-1": collector1, + "collector-2": collector2, + "collector-4": collector4, + }, + }, + want: diff.NewChanges(map[string]*Collector{ + "collector-4": collector4, + }, map[string]*Collector{ + "collector-3": collector3, + }), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := diff.Maps(tt.args.current, tt.args.new); !reflect.DeepEqual(got, tt.want) { + t.Errorf("DiffMaps() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go new file mode 100644 index 000000000..60bda6bca --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector.go @@ -0,0 +1,132 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package collector + +import ( + "context" + "os" + "time" + + "github.com/go-logr/logr" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" +) + +const ( + watcherTimeout = 15 * time.Minute +) + +var ( + ns = os.Getenv("OTELCOL_NAMESPACE") + collectorsDiscovered = promauto.NewGauge(prometheus.GaugeOpts{ + Name: "amazon_cloudwatch_agent_allocator_collectors_discovered", + Help: "Number of collectors discovered.", + }) +) + +type Client struct { + log logr.Logger + k8sClient kubernetes.Interface + close chan struct{} +} + +func NewClient(logger logr.Logger, kubeConfig *rest.Config) (*Client, error) { + clientset, err := kubernetes.NewForConfig(kubeConfig) + if err != nil { + return &Client{}, err + } + + return &Client{ + log: logger.WithValues("component", "amazon-cloudwatch-agent-target-allocator"), + k8sClient: clientset, + close: make(chan struct{}), + }, nil +} + +func (k *Client) Watch(ctx context.Context, labelMap map[string]string, fn func(collectors map[string]*allocation.Collector)) error { + collectorMap := map[string]*allocation.Collector{} + + opts := metav1.ListOptions{ + LabelSelector: labels.SelectorFromSet(labelMap).String(), + } + pods, err := k.k8sClient.CoreV1().Pods(ns).List(ctx, opts) + if err != nil { + k.log.Error(err, "Pod failure") + os.Exit(1) + } + for i := range pods.Items { + pod := pods.Items[i] + if pod.GetObjectMeta().GetDeletionTimestamp() == nil { + collectorMap[pod.Name] = allocation.NewCollector(pod.Name) + } + } + fn(collectorMap) + + for { + if !k.restartWatch(ctx, opts, collectorMap, fn) { + return nil + } + } +} + +func (k *Client) restartWatch(ctx context.Context, opts metav1.ListOptions, collectorMap map[string]*allocation.Collector, fn func(collectors map[string]*allocation.Collector)) bool { + // add timeout to the context before calling Watch + ctx, cancel := context.WithTimeout(ctx, watcherTimeout) + defer cancel() + watcher, err := k.k8sClient.CoreV1().Pods(ns).Watch(ctx, opts) + if err != nil { + k.log.Error(err, "unable to create collector pod watcher") + return false + } + k.log.Info("Successfully started a collector pod watcher") + if msg := runWatch(ctx, k, watcher.ResultChan(), collectorMap, fn); msg != "" { + k.log.Info("Collector pod watch event stopped " + msg) + return false + } + + return true +} + +func runWatch(ctx context.Context, k *Client, c <-chan watch.Event, collectorMap map[string]*allocation.Collector, fn func(collectors map[string]*allocation.Collector)) string { + for { + collectorsDiscovered.Set(float64(len(collectorMap))) + select { + case <-k.close: + return "kubernetes client closed" + case <-ctx.Done(): + return "" // this means that the watcher most likely timed out + case event, ok := <-c: + if !ok { + k.log.Info("No event found. Restarting watch routine") + return "" + } + + pod, ok := event.Object.(*v1.Pod) + if !ok { + k.log.Info("No pod found in event Object. Restarting watch routine") + return "" + } + + switch event.Type { //nolint:exhaustive + case watch.Added: + collectorMap[pod.Name] = allocation.NewCollector(pod.Name) + case watch.Deleted: + delete(collectorMap, pod.Name) + } + fn(collectorMap) + } + } +} + +func (k *Client) Close() { + close(k.close) +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go new file mode 100644 index 000000000..002e25401 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go @@ -0,0 +1,210 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package collector + +import ( + "context" + "fmt" + "os" + "sync" + "testing" + "time" + + "k8s.io/apimachinery/pkg/watch" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/kubernetes/fake" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" +) + +var logger = logf.Log.WithName("collector-unit-tests") + +func getTestClient() (Client, watch.Interface) { + kubeClient := Client{ + k8sClient: fake.NewSimpleClientset(), + close: make(chan struct{}), + log: logger, + } + + labelMap := map[string]string{ + "app.kubernetes.io/instance": "default.test", + "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", + } + + opts := metav1.ListOptions{ + LabelSelector: labels.SelectorFromSet(labelMap).String(), + } + watcher, err := kubeClient.k8sClient.CoreV1().Pods("test-ns").Watch(context.Background(), opts) + if err != nil { + fmt.Printf("failed to setup a Collector Pod watcher: %v", err) + os.Exit(1) + } + return kubeClient, watcher +} + +func pod(name string) *v1.Pod { + labelSet := make(map[string]string) + labelSet["app.kubernetes.io/instance"] = "default.test" + labelSet["app.kubernetes.io/managed-by"] = "amazon-cloudwatch-agent-operator" + + return &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: "test-ns", + Labels: labelSet, + }, + } +} + +func Test_runWatch(t *testing.T) { + type args struct { + kubeFn func(t *testing.T, client Client, group *sync.WaitGroup) + collectorMap map[string]*allocation.Collector + } + tests := []struct { + name string + args args + want map[string]*allocation.Collector + }{ + { + name: "pod add", + args: args{ + kubeFn: func(t *testing.T, client Client, group *sync.WaitGroup) { + for _, k := range []string{"test-pod1", "test-pod2", "test-pod3"} { + p := pod(k) + group.Add(1) + _, err := client.k8sClient.CoreV1().Pods("test-ns").Create(context.Background(), p, metav1.CreateOptions{}) + assert.NoError(t, err) + } + }, + collectorMap: map[string]*allocation.Collector{}, + }, + want: map[string]*allocation.Collector{ + "test-pod1": { + Name: "test-pod1", + }, + "test-pod2": { + Name: "test-pod2", + }, + "test-pod3": { + Name: "test-pod3", + }, + }, + }, + { + name: "pod delete", + args: args{ + kubeFn: func(t *testing.T, client Client, group *sync.WaitGroup) { + for _, k := range []string{"test-pod2", "test-pod3"} { + group.Add(1) + err := client.k8sClient.CoreV1().Pods("test-ns").Delete(context.Background(), k, metav1.DeleteOptions{}) + assert.NoError(t, err) + } + }, + collectorMap: map[string]*allocation.Collector{ + "test-pod1": { + Name: "test-pod1", + }, + "test-pod2": { + Name: "test-pod2", + }, + "test-pod3": { + Name: "test-pod3", + }, + }, + }, + want: map[string]*allocation.Collector{ + "test-pod1": { + Name: "test-pod1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + kubeClient, watcher := getTestClient() + defer func() { + close(kubeClient.close) + watcher.Stop() + }() + var wg sync.WaitGroup + actual := make(map[string]*allocation.Collector) + for _, k := range tt.args.collectorMap { + p := pod(k.Name) + _, err := kubeClient.k8sClient.CoreV1().Pods("test-ns").Create(context.Background(), p, metav1.CreateOptions{}) + wg.Add(1) + assert.NoError(t, err) + } + go runWatch(context.Background(), &kubeClient, watcher.ResultChan(), map[string]*allocation.Collector{}, func(colMap map[string]*allocation.Collector) { + actual = colMap + wg.Done() + }) + + tt.args.kubeFn(t, kubeClient, &wg) + wg.Wait() + + assert.Len(t, actual, len(tt.want)) + assert.Equal(t, actual, tt.want) + }) + } +} + +// this tests runWatch in the case of watcher channel closing and watcher timing out. +func Test_closeChannel(t *testing.T) { + tests := []struct { + description string + isCloseChannel bool + timeoutSeconds time.Duration + }{ + { + // event is triggered by channel closing. + description: "close_channel", + isCloseChannel: true, + // channel should be closed before this timeout occurs + timeoutSeconds: 10 * time.Second, + }, + { + // event triggered by timeout. + description: "watcher_timeout", + isCloseChannel: false, + timeoutSeconds: 0 * time.Second, + }, + } + + for _, tc := range tests { + t.Run(tc.description, func(t *testing.T) { + kubeClient, watcher := getTestClient() + + defer func() { + close(kubeClient.close) + watcher.Stop() + }() + var wg sync.WaitGroup + wg.Add(1) + terminated := false + + go func(watcher watch.Interface) { + defer wg.Done() + ctx, cancel := context.WithTimeout(context.Background(), tc.timeoutSeconds) + defer cancel() + if msg := runWatch(ctx, &kubeClient, watcher.ResultChan(), map[string]*allocation.Collector{}, func(colMap map[string]*allocation.Collector) {}); msg != "" { + terminated = true + return + } + }(watcher) + + if tc.isCloseChannel { + // stop pod watcher to trigger event. + watcher.Stop() + } + wg.Wait() + assert.False(t, terminated) + }) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go new file mode 100644 index 000000000..df2547712 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/config.go @@ -0,0 +1,170 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package config + +import ( + "errors" + "fmt" + "io/fs" + "os" + "time" + + "github.com/go-logr/logr" + "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" + _ "github.com/prometheus/prometheus/discovery/install" + "github.com/spf13/pflag" + "gopkg.in/yaml.v2" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + "k8s.io/klog/v2" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" +) + +const DefaultResyncTime = 5 * time.Minute +const DefaultConfigFilePath string = "/conf/targetallocator.yaml" +const DefaultCRScrapeInterval model.Duration = model.Duration(time.Second * 30) +const DefaultAllocationStrategy string = "consistent-hashing" + +type Config struct { + ListenAddr string `yaml:"listen_addr,omitempty"` + KubeConfigFilePath string `yaml:"kube_config_file_path,omitempty"` + ClusterConfig *rest.Config `yaml:"-"` + RootLogger logr.Logger `yaml:"-"` + ReloadConfig bool `yaml:"-"` + LabelSelector map[string]string `yaml:"label_selector,omitempty"` + PromConfig *promconfig.Config `yaml:"config"` + AllocationStrategy *string `yaml:"allocation_strategy,omitempty"` + FilterStrategy *string `yaml:"filter_strategy,omitempty"` + PrometheusCR PrometheusCRConfig `yaml:"prometheus_cr,omitempty"` + PodMonitorSelector map[string]string `yaml:"pod_monitor_selector,omitempty"` + ServiceMonitorSelector map[string]string `yaml:"service_monitor_selector,omitempty"` +} + +type PrometheusCRConfig struct { + Enabled bool `yaml:"enabled,omitempty"` + ScrapeInterval model.Duration `yaml:"scrape_interval,omitempty"` +} + +func (c Config) GetAllocationStrategy() string { + if c.AllocationStrategy != nil { + return *c.AllocationStrategy + } + return DefaultAllocationStrategy +} + +func (c Config) GetTargetsFilterStrategy() string { + if c.FilterStrategy != nil { + return *c.FilterStrategy + } + return "" +} + +func LoadFromFile(file string, target *Config) error { + return unmarshal(target, file) +} + +func LoadFromCLI(target *Config, flagSet *pflag.FlagSet) error { + var err error + // set the rest of the config attributes based on command-line flag values + target.RootLogger = zap.New(zap.UseFlagOptions(&zapCmdLineOpts)) + klog.SetLogger(target.RootLogger) + ctrl.SetLogger(target.RootLogger) + + target.KubeConfigFilePath, err = getKubeConfigFilePath(flagSet) + if err != nil { + return err + } + clusterConfig, err := clientcmd.BuildConfigFromFlags("", target.KubeConfigFilePath) + if err != nil { + pathError := &fs.PathError{} + if ok := errors.As(err, &pathError); !ok { + return err + } + clusterConfig, err = rest.InClusterConfig() + if err != nil { + return err + } + target.KubeConfigFilePath = "" + } + target.ClusterConfig = clusterConfig + + target.ListenAddr, err = getListenAddr(flagSet) + if err != nil { + return err + } + + target.PrometheusCR.Enabled, err = getPrometheusCREnabled(flagSet) + if err != nil { + return err + } + + target.ReloadConfig, err = getConfigReloadEnabled(flagSet) + if err != nil { + return err + } + + return nil +} + +func unmarshal(cfg *Config, configFile string) error { + + yamlFile, err := os.ReadFile(configFile) + if err != nil { + return err + } + if err = yaml.UnmarshalStrict(yamlFile, cfg); err != nil { + return fmt.Errorf("error unmarshaling YAML: %w", err) + } + return nil +} + +func CreateDefaultConfig() Config { + var allocation_strategy = DefaultAllocationStrategy + return Config{ + PrometheusCR: PrometheusCRConfig{ + ScrapeInterval: DefaultCRScrapeInterval, + }, + AllocationStrategy: &allocation_strategy, + } +} + +func Load() (*Config, string, error) { + var err error + + flagSet := getFlagSet(pflag.ExitOnError) + err = flagSet.Parse(os.Args) + if err != nil { + return nil, "", err + } + + config := CreateDefaultConfig() + + // load the config from the config file + configFilePath, err := getConfigFilePath(flagSet) + if err != nil { + return nil, "", err + } + err = LoadFromFile(configFilePath, &config) + if err != nil { + return nil, "", err + } + + err = LoadFromCLI(&config, flagSet) + if err != nil { + return nil, "", err + } + + return &config, configFilePath, nil +} + +// ValidateConfig validates the cli and file configs together. +func ValidateConfig(config *Config) error { + scrapeConfigsPresent := (config.PromConfig != nil && len(config.PromConfig.ScrapeConfigs) > 0) + if !(config.PrometheusCR.Enabled || scrapeConfigsPresent) { + return fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled") + } + return nil +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go new file mode 100644 index 000000000..b433a20a8 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go @@ -0,0 +1,212 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package config + +import ( + "fmt" + "testing" + "time" + + commonconfig "github.com/prometheus/common/config" + promconfig "github.com/prometheus/prometheus/config" + + "github.com/prometheus/common/model" + "github.com/prometheus/prometheus/discovery" + "github.com/prometheus/prometheus/discovery/file" + "github.com/stretchr/testify/assert" +) + +func TestLoad(t *testing.T) { + var defaulAllocationStrategy = DefaultAllocationStrategy + type args struct { + file string + } + tests := []struct { + name string + args args + want Config + wantErr assert.ErrorAssertionFunc + }{ + { + name: "file sd load", + args: args{ + file: "./testdata/config_test.yaml", + }, + want: Config{ + AllocationStrategy: &defaulAllocationStrategy, + LabelSelector: map[string]string{ + "app.kubernetes.io/instance": "default.test", + "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", + }, + PrometheusCR: PrometheusCRConfig{ + ScrapeInterval: model.Duration(time.Second * 60), + }, + PromConfig: &promconfig.Config{ + GlobalConfig: promconfig.GlobalConfig{ + ScrapeInterval: model.Duration(60 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + EvaluationInterval: model.Duration(60 * time.Second), + }, + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "prometheus", + HonorTimestamps: true, + ScrapeInterval: model.Duration(60 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + EnableHTTP2: true, + }, + ServiceDiscoveryConfigs: []discovery.Config{ + &file.SDConfig{ + Files: []string{"./file_sd_test.json"}, + RefreshInterval: model.Duration(5 * time.Minute), + }, + discovery.StaticConfig{ + { + Targets: []model.LabelSet{ + {model.AddressLabel: "prom.domain:9001"}, + {model.AddressLabel: "prom.domain:9002"}, + {model.AddressLabel: "prom.domain:9003"}, + }, + Labels: model.LabelSet{ + "my": "label", + }, + Source: "0", + }, + }, + }, + }, + }, + }, + }, + wantErr: assert.NoError, + }, + { + name: "no config", + args: args{ + file: "./testdata/no_config.yaml", + }, + want: CreateDefaultConfig(), + wantErr: assert.NoError, + }, + { + name: "service monitor pod monitor selector", + args: args{ + file: "./testdata/pod_service_selector_test.yaml", + }, + want: Config{ + AllocationStrategy: &defaulAllocationStrategy, + LabelSelector: map[string]string{ + "app.kubernetes.io/instance": "default.test", + "app.kubernetes.io/managed-by": "amazon-cloudwatch-agent-operator", + }, + PrometheusCR: PrometheusCRConfig{ + ScrapeInterval: DefaultCRScrapeInterval, + }, + PromConfig: &promconfig.Config{ + GlobalConfig: promconfig.GlobalConfig{ + ScrapeInterval: model.Duration(60 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + EvaluationInterval: model.Duration(60 * time.Second), + }, + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "prometheus", + HonorTimestamps: true, + ScrapeInterval: model.Duration(60 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + EnableHTTP2: true, + }, + ServiceDiscoveryConfigs: []discovery.Config{ + discovery.StaticConfig{ + { + Targets: []model.LabelSet{ + {model.AddressLabel: "prom.domain:9001"}, + {model.AddressLabel: "prom.domain:9002"}, + {model.AddressLabel: "prom.domain:9003"}, + }, + Labels: model.LabelSet{ + "my": "label", + }, + Source: "0", + }, + }, + }, + }, + }, + }, + PodMonitorSelector: map[string]string{ + "release": "test", + }, + ServiceMonitorSelector: map[string]string{ + "release": "test", + }, + }, + wantErr: assert.NoError, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := CreateDefaultConfig() + err := LoadFromFile(tt.args.file, &got) + if !tt.wantErr(t, err, fmt.Sprintf("Load(%v)", tt.args.file)) { + return + } + assert.Equalf(t, tt.want, got, "Load(%v)", tt.args.file) + }) + } +} + +func TestValidateConfig(t *testing.T) { + testCases := []struct { + name string + fileConfig Config + expectedErr error + }{ + { + name: "promCR enabled, no Prometheus config", + fileConfig: Config{PromConfig: nil, PrometheusCR: PrometheusCRConfig{Enabled: true}}, + expectedErr: nil, + }, + { + name: "promCR disabled, no Prometheus config", + fileConfig: Config{PromConfig: nil}, + expectedErr: fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled"), + }, + { + name: "promCR disabled, Prometheus config present, no scrapeConfigs", + fileConfig: Config{PromConfig: &promconfig.Config{}}, + expectedErr: fmt.Errorf("at least one scrape config must be defined, or Prometheus CR watching must be enabled"), + }, + { + name: "promCR disabled, Prometheus config present, scrapeConfigs present", + fileConfig: Config{ + PromConfig: &promconfig.Config{ScrapeConfigs: []*promconfig.ScrapeConfig{{}}}, + }, + expectedErr: nil, + }, + { + name: "promCR enabled, Prometheus config present, scrapeConfigs present", + fileConfig: Config{ + PromConfig: &promconfig.Config{ScrapeConfigs: []*promconfig.ScrapeConfig{{}}}, + PrometheusCR: PrometheusCRConfig{Enabled: true}, + }, + expectedErr: nil, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + err := ValidateConfig(&tc.fileConfig) + assert.Equal(t, tc.expectedErr, err) + }) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go new file mode 100644 index 000000000..cb143aa59 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags.go @@ -0,0 +1,59 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package config + +import ( + "flag" + "path/filepath" + + "github.com/spf13/pflag" + "k8s.io/client-go/util/homedir" + "sigs.k8s.io/controller-runtime/pkg/log/zap" +) + +// Flag names. +const ( + targetAllocatorName = "target-allocator" + configFilePathFlagName = "config-file" + listenAddrFlagName = "listen-addr" + prometheusCREnabledFlagName = "enable-prometheus-cr-watcher" + kubeConfigPathFlagName = "kubeconfig-path" + reloadConfigFlagName = "reload-config" +) + +// We can't bind this flag to our FlagSet, so we need to handle it separately. +var zapCmdLineOpts zap.Options + +func getFlagSet(errorHandling pflag.ErrorHandling) *pflag.FlagSet { + flagSet := pflag.NewFlagSet(targetAllocatorName, errorHandling) + flagSet.String(configFilePathFlagName, DefaultConfigFilePath, "The path to the config file.") + flagSet.String(listenAddrFlagName, ":8080", "The address where this service serves.") + flagSet.Bool(prometheusCREnabledFlagName, false, "Enable Prometheus CRs as target sources") + flagSet.String(kubeConfigPathFlagName, filepath.Join(homedir.HomeDir(), ".kube", "config"), "absolute path to the KubeconfigPath file") + flagSet.Bool(reloadConfigFlagName, false, "Enable automatic configuration reloading. This functionality is deprecated and will be removed in a future release.") + zapFlagSet := flag.NewFlagSet("", flag.ErrorHandling(errorHandling)) + zapCmdLineOpts.BindFlags(zapFlagSet) + flagSet.AddGoFlagSet(zapFlagSet) + return flagSet +} + +func getConfigFilePath(flagSet *pflag.FlagSet) (string, error) { + return flagSet.GetString(configFilePathFlagName) +} + +func getKubeConfigFilePath(flagSet *pflag.FlagSet) (string, error) { + return flagSet.GetString(kubeConfigPathFlagName) +} + +func getListenAddr(flagSet *pflag.FlagSet) (string, error) { + return flagSet.GetString(listenAddrFlagName) +} + +func getPrometheusCREnabled(flagSet *pflag.FlagSet) (bool, error) { + return flagSet.GetBool(prometheusCREnabledFlagName) +} + +func getConfigReloadEnabled(flagSet *pflag.FlagSet) (bool, error) { + return flagSet.GetBool(reloadConfigFlagName) +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go new file mode 100644 index 000000000..cc7789ca9 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/flags_test.go @@ -0,0 +1,86 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package config + +import ( + "path/filepath" + "testing" + + "github.com/spf13/pflag" + "github.com/stretchr/testify/assert" +) + +func TestGetFlagSet(t *testing.T) { + fs := getFlagSet(pflag.ExitOnError) + + // Check if each flag exists + assert.NotNil(t, fs.Lookup(configFilePathFlagName), "Flag %s not found", configFilePathFlagName) + assert.NotNil(t, fs.Lookup(listenAddrFlagName), "Flag %s not found", listenAddrFlagName) + assert.NotNil(t, fs.Lookup(prometheusCREnabledFlagName), "Flag %s not found", prometheusCREnabledFlagName) + assert.NotNil(t, fs.Lookup(kubeConfigPathFlagName), "Flag %s not found", kubeConfigPathFlagName) +} + +func TestFlagGetters(t *testing.T) { + tests := []struct { + name string + flagArgs []string + expectedValue interface{} + expectedErr bool + getterFunc func(*pflag.FlagSet) (interface{}, error) + }{ + { + name: "GetConfigFilePath", + flagArgs: []string{"--" + configFilePathFlagName, "/path/to/config"}, + expectedValue: "/path/to/config", + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigFilePath(fs) }, + }, + { + name: "GetKubeConfigFilePath", + flagArgs: []string{"--" + kubeConfigPathFlagName, filepath.Join("~", ".kube", "config")}, + expectedValue: filepath.Join("~", ".kube", "config"), + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getKubeConfigFilePath(fs) }, + }, + { + name: "GetListenAddr", + flagArgs: []string{"--" + listenAddrFlagName, ":8081"}, + expectedValue: ":8081", + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getListenAddr(fs) }, + }, + { + name: "GetPrometheusCREnabled", + flagArgs: []string{"--" + prometheusCREnabledFlagName, "true"}, + expectedValue: true, + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getPrometheusCREnabled(fs) }, + }, + { + name: "GetConfigReloadEnabled", + flagArgs: []string{"--" + reloadConfigFlagName, "true"}, + expectedValue: true, + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigReloadEnabled(fs) }, + }, + { + name: "InvalidFlag", + flagArgs: []string{"--invalid-flag", "value"}, + expectedErr: true, + getterFunc: func(fs *pflag.FlagSet) (interface{}, error) { return getConfigFilePath(fs) }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := getFlagSet(pflag.ContinueOnError) + err := fs.Parse(tt.flagArgs) + + // If an error is expected during parsing, we check it here. + if tt.expectedErr { + assert.Error(t, err) + return + } + + got, err := tt.getterFunc(fs) + assert.NoError(t, err) + assert.Equal(t, tt.expectedValue, got) + }) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml new file mode 100644 index 000000000..e5ac5487f --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/config_test.yaml @@ -0,0 +1,17 @@ +label_selector: + app.kubernetes.io/instance: default.test + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator +prometheus_cr: + scrape_interval: 60s +config: + scrape_configs: + - job_name: prometheus + + file_sd_configs: + - files: + - ./file_sd_test.json + + static_configs: + - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] + labels: + my: label diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json new file mode 100644 index 000000000..7114e6246 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/file_sd_test.json @@ -0,0 +1,18 @@ +[ + { + "labels": { + "job": "node" + }, + "targets": [ + "promfile.domain:1001" + ] + }, + { + "labels": { + "foo1": "bar1" + }, + "targets": [ + "promfile.domain:3000" + ] + } +] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/no_config.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml new file mode 100644 index 000000000..298ce5639 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/testdata/pod_service_selector_test.yaml @@ -0,0 +1,14 @@ +label_selector: + app.kubernetes.io/instance: default.test + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator +pod_monitor_selector: + release: test +service_monitor_selector: + release: test +config: + scrape_configs: + - job_name: prometheus + static_configs: + - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] + labels: + my: label \ No newline at end of file diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go new file mode 100644 index 000000000..daac98724 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff.go @@ -0,0 +1,52 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package diff + +// Changes is the result of the difference between two maps – items that are added and items that are removed +// This map is used to reconcile state differences. +type Changes[T Hasher] struct { + additions map[string]T + removals map[string]T +} + +type Hasher interface { + Hash() string +} + +func NewChanges[T Hasher](additions map[string]T, removals map[string]T) Changes[T] { + return Changes[T]{additions: additions, removals: removals} +} + +func (c Changes[T]) Additions() map[string]T { + return c.additions +} + +func (c Changes[T]) Removals() map[string]T { + return c.removals +} + +// Maps generates Changes for two maps with the same type signature by checking for any removals and then checking for +// additions. +// TODO: This doesn't need to create maps, it can return slices only. This function doesn't need to insert the values. +func Maps[T Hasher](current, new map[string]T) Changes[T] { + additions := map[string]T{} + removals := map[string]T{} + for key, newValue := range new { + if currentValue, found := current[key]; !found { + additions[key] = newValue + } else if currentValue.Hash() != newValue.Hash() { + additions[key] = newValue + removals[key] = currentValue + } + } + for key, value := range current { + if _, found := new[key]; !found { + removals[key] = value + } + } + return Changes[T]{ + additions: additions, + removals: removals, + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go new file mode 100644 index 000000000..d64c1c743 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/diff/diff_test.go @@ -0,0 +1,97 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package diff + +import ( + "reflect" + "testing" +) + +type HasherString string + +func (s HasherString) Hash() string { + return string(s) +} + +func TestDiffMaps(t *testing.T) { + type args struct { + current map[string]Hasher + new map[string]Hasher + } + tests := []struct { + name string + args args + want Changes[Hasher] + }{ + { + name: "basic replacement", + args: args{ + current: map[string]Hasher{ + "current": HasherString("one"), + }, + new: map[string]Hasher{ + "new": HasherString("another"), + }, + }, + want: Changes[Hasher]{ + additions: map[string]Hasher{ + "new": HasherString("another"), + }, + removals: map[string]Hasher{ + "current": HasherString("one"), + }, + }, + }, + { + name: "single addition", + args: args{ + current: map[string]Hasher{ + "current": HasherString("one"), + }, + new: map[string]Hasher{ + "current": HasherString("one"), + "new": HasherString("another"), + }, + }, + want: Changes[Hasher]{ + additions: map[string]Hasher{ + "new": HasherString("another"), + }, + removals: map[string]Hasher{}, + }, + }, + { + name: "value change", + args: args{ + current: map[string]Hasher{ + "k1": HasherString("v1"), + "k2": HasherString("v2"), + "change": HasherString("before"), + }, + new: map[string]Hasher{ + "k1": HasherString("v1"), + "k3": HasherString("v3"), + "change": HasherString("after"), + }, + }, + want: Changes[Hasher]{ + additions: map[string]Hasher{ + "k3": HasherString("v3"), + "change": HasherString("after"), + }, + removals: map[string]Hasher{ + "k2": HasherString("v2"), + "change": HasherString("before"), + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := Maps(tt.args.current, tt.args.new); !reflect.DeepEqual(got, tt.want) { + t.Errorf("DiffMaps() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/main.go b/cmd/amazon-cloudwatch-agent-target-allocator/main.go new file mode 100644 index 000000000..4848ad080 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/main.go @@ -0,0 +1,230 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package main + +import ( + "context" + "fmt" + "os" + "os/signal" + "syscall" + + gokitlog "github.com/go-kit/log" + "github.com/oklog/run" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + "github.com/prometheus/prometheus/discovery" + _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/collector" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/prehook" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/server" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" + allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" +) + +var ( + setupLog = ctrl.Log.WithName("setup") + eventsMetric = promauto.NewCounterVec(prometheus.CounterOpts{ + Name: "cloudwatch_agent_allocator_events", + Help: "Number of events in the channel.", + }, []string{"source"}) +) + +func main() { + var ( + // allocatorPrehook will be nil if filterStrategy is not set or + // unrecognized. No filtering will be used in this case. + allocatorPrehook prehook.Hook + allocator allocation.Allocator + discoveryManager *discovery.Manager + collectorWatcher *collector.Client + fileWatcher allocatorWatcher.Watcher + promWatcher allocatorWatcher.Watcher + targetDiscoverer *target.Discoverer + + discoveryCancel context.CancelFunc + runGroup run.Group + eventChan = make(chan allocatorWatcher.Event) + eventCloser = make(chan bool, 1) + interrupts = make(chan os.Signal, 1) + errChan = make(chan error) + ) + cfg, configFilePath, err := config.Load() + if err != nil { + fmt.Printf("Failed to load config: %v", err) + os.Exit(1) + } + ctrl.SetLogger(cfg.RootLogger) + + if validationErr := config.ValidateConfig(cfg); validationErr != nil { + setupLog.Error(validationErr, "Invalid configuration") + os.Exit(1) + } + + cfg.RootLogger.Info("Starting the Target Allocator") + ctx := context.Background() + log := ctrl.Log.WithName("allocator") + + allocatorPrehook = prehook.New(cfg.GetTargetsFilterStrategy(), log) + allocator, err = allocation.New(cfg.GetAllocationStrategy(), log, allocation.WithFilter(allocatorPrehook)) + if err != nil { + setupLog.Error(err, "Unable to initialize allocation strategy") + os.Exit(1) + } + srv := server.NewServer(log, allocator, cfg.ListenAddr) + + discoveryCtx, discoveryCancel := context.WithCancel(ctx) + discoveryManager = discovery.NewManager(discoveryCtx, gokitlog.NewNopLogger()) + discovery.RegisterMetrics() // discovery manager metrics need to be enabled explicitly + + targetDiscoverer = target.NewDiscoverer(log, discoveryManager, allocatorPrehook, srv) + collectorWatcher, collectorWatcherErr := collector.NewClient(log, cfg.ClusterConfig) + if collectorWatcherErr != nil { + setupLog.Error(collectorWatcherErr, "Unable to initialize collector watcher") + os.Exit(1) + } + if cfg.ReloadConfig { + fileWatcher, err = allocatorWatcher.NewFileWatcher(setupLog.WithName("file-watcher"), configFilePath) + if err != nil { + setupLog.Error(err, "Can't start the file watcher") + os.Exit(1) + } + } + signal.Notify(interrupts, os.Interrupt, syscall.SIGINT, syscall.SIGTERM) + defer close(interrupts) + + if cfg.PrometheusCR.Enabled { + promWatcher, err = allocatorWatcher.NewPrometheusCRWatcher(setupLog.WithName("prometheus-cr-watcher"), *cfg) + if err != nil { + setupLog.Error(err, "Can't start the prometheus watcher") + os.Exit(1) + } + runGroup.Add( + func() error { + promWatcherErr := promWatcher.Watch(eventChan, errChan) + setupLog.Info("Prometheus watcher exited") + return promWatcherErr + }, + func(_ error) { + setupLog.Info("Closing prometheus watcher") + promWatcherErr := promWatcher.Close() + if promWatcherErr != nil { + setupLog.Error(promWatcherErr, "prometheus watcher failed to close") + } + }) + } + if cfg.ReloadConfig { + runGroup.Add( + func() error { + fileWatcherErr := fileWatcher.Watch(eventChan, errChan) + setupLog.Info("File watcher exited") + return fileWatcherErr + }, + func(_ error) { + setupLog.Info("Closing file watcher") + fileWatcherErr := fileWatcher.Close() + if fileWatcherErr != nil { + setupLog.Error(fileWatcherErr, "file watcher failed to close") + } + }) + } + runGroup.Add( + func() error { + discoveryManagerErr := discoveryManager.Run() + setupLog.Info("Discovery manager exited") + return discoveryManagerErr + }, + func(_ error) { + setupLog.Info("Closing discovery manager") + discoveryCancel() + }) + runGroup.Add( + func() error { + // Initial loading of the config file's scrape config + err = targetDiscoverer.ApplyConfig(allocatorWatcher.EventSourceConfigMap, cfg.PromConfig) + if err != nil { + setupLog.Error(err, "Unable to apply initial configuration") + return err + } + err := targetDiscoverer.Watch(allocator.SetTargets) + setupLog.Info("Target discoverer exited") + return err + }, + func(_ error) { + setupLog.Info("Closing target discoverer") + targetDiscoverer.Close() + }) + runGroup.Add( + func() error { + err := collectorWatcher.Watch(ctx, cfg.LabelSelector, allocator.SetCollectors) + setupLog.Info("Collector watcher exited") + return err + }, + func(_ error) { + setupLog.Info("Closing collector watcher") + collectorWatcher.Close() + }) + runGroup.Add( + func() error { + err := srv.Start() + setupLog.Info("Server failed to start") + return err + }, + func(_ error) { + setupLog.Info("Closing server") + if shutdownErr := srv.Shutdown(ctx); shutdownErr != nil { + setupLog.Error(shutdownErr, "Error on server shutdown") + } + }) + runGroup.Add( + func() error { + for { + select { + case event := <-eventChan: + eventsMetric.WithLabelValues(event.Source.String()).Inc() + loadConfig, err := event.Watcher.LoadConfig(ctx) + if err != nil { + setupLog.Error(err, "Unable to load configuration") + continue + } + err = targetDiscoverer.ApplyConfig(event.Source, loadConfig) + if err != nil { + setupLog.Error(err, "Unable to apply configuration") + continue + } + case err := <-errChan: + setupLog.Error(err, "Watcher error") + case <-eventCloser: + return nil + } + } + }, + func(_ error) { + setupLog.Info("Closing watcher loop") + close(eventCloser) + }) + runGroup.Add( + func() error { + for { + select { + case <-interrupts: + setupLog.Info("Received interrupt") + return nil + case <-eventCloser: + return nil + } + } + }, + func(_ error) { + setupLog.Info("Closing interrupt loop") + }) + if runErr := runGroup.Run(); runErr != nil { + setupLog.Error(runErr, "run group exited") + } + setupLog.Info("Target allocator exited.") +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go new file mode 100644 index 000000000..a1f1b4c35 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/prehook.go @@ -0,0 +1,53 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package prehook + +import ( + "errors" + + "github.com/go-logr/logr" + "github.com/prometheus/prometheus/model/relabel" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +const ( + relabelConfigTargetFilterName = "relabel-config" +) + +type Hook interface { + Apply(map[string]*target.Item) map[string]*target.Item + SetConfig(map[string][]*relabel.Config) + GetConfig() map[string][]*relabel.Config +} + +type HookProvider func(log logr.Logger) Hook + +var ( + registry = map[string]HookProvider{} +) + +func New(name string, log logr.Logger) Hook { + if p, ok := registry[name]; ok { + return p(log.WithName("Prehook").WithName(name)) + } + + log.Info("Unrecognized filter strategy; filtering disabled") + return nil +} + +func Register(name string, provider HookProvider) error { + if _, ok := registry[name]; ok { + return errors.New("already registered") + } + registry[name] = provider + return nil +} + +func init() { + err := Register(relabelConfigTargetFilterName, NewRelabelConfigTargetFilter) + if err != nil { + panic(err) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go new file mode 100644 index 000000000..c8d7b20f8 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel.go @@ -0,0 +1,99 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package prehook + +import ( + "github.com/go-logr/logr" + "github.com/prometheus/common/model" + "github.com/prometheus/prometheus/model/labels" + "github.com/prometheus/prometheus/model/relabel" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +type RelabelConfigTargetFilter struct { + log logr.Logger + relabelCfg map[string][]*relabel.Config +} + +func NewRelabelConfigTargetFilter(log logr.Logger) Hook { + return &RelabelConfigTargetFilter{ + log: log, + relabelCfg: make(map[string][]*relabel.Config), + } +} + +// helper function converts from model.LabelSet to []labels.Label. +func convertLabelToPromLabelSet(lbls model.LabelSet) []labels.Label { + newLabels := make([]labels.Label, len(lbls)) + index := 0 + for k, v := range lbls { + newLabels[index].Name = string(k) + newLabels[index].Value = string(v) + index++ + } + return newLabels +} + +func (tf *RelabelConfigTargetFilter) Apply(targets map[string]*target.Item) map[string]*target.Item { + numTargets := len(targets) + + // need to wait until relabelCfg is set + if len(tf.relabelCfg) == 0 { + return targets + } + + // Note: jobNameKey != tItem.JobName (jobNameKey is hashed) + for jobNameKey, tItem := range targets { + keepTarget := true + lset := convertLabelToPromLabelSet(tItem.Labels) + for _, cfg := range tf.relabelCfg[tItem.JobName] { + if newLset, keep := relabel.Process(lset, cfg); !keep { + keepTarget = false + break // inner loop + } else { + lset = newLset + } + } + + if !keepTarget { + delete(targets, jobNameKey) + } + } + + tf.log.V(2).Info("Filtering complete", "seen", numTargets, "kept", len(targets)) + return targets +} + +func (tf *RelabelConfigTargetFilter) SetConfig(cfgs map[string][]*relabel.Config) { + relabelCfgCopy := make(map[string][]*relabel.Config) + for key, val := range cfgs { + relabelCfgCopy[key] = tf.replaceRelabelConfig(val) + } + + tf.relabelCfg = relabelCfgCopy +} + +// See this thread [https://github.com/open-telemetry/opentelemetry-operator/pull/1124/files#r983145795] +// for why SHARD == 0 is a necessary substitution. Otherwise the keep action that uses this env variable, +// would not match the regex and all targets end up dropped. Also note, $(SHARD) will always be 0 and it +// does not make sense to read from the environment because it is never set in the allocator. +func (tf *RelabelConfigTargetFilter) replaceRelabelConfig(cfg []*relabel.Config) []*relabel.Config { + for i := range cfg { + str := cfg[i].Regex.String() + if str == "$(SHARD)" { + cfg[i].Regex = relabel.MustNewRegexp("0") + } + } + + return cfg +} + +func (tf *RelabelConfigTargetFilter) GetConfig() map[string][]*relabel.Config { + relabelCfgCopy := make(map[string][]*relabel.Config) + for k, v := range tf.relabelCfg { + relabelCfgCopy[k] = v + } + return relabelCfgCopy +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go new file mode 100644 index 000000000..a1e14b03d --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/prehook/relabel_test.go @@ -0,0 +1,259 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package prehook + +import ( + "crypto/rand" + "fmt" + "math/big" + "strconv" + "testing" + + "github.com/prometheus/common/model" + "github.com/prometheus/prometheus/model/relabel" + "github.com/stretchr/testify/assert" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +var ( + logger = logf.Log.WithName("unit-tests") + defaultNumTargets = 100 + defaultNumCollectors = 3 + defaultStartIndex = 0 + + relabelConfigs = []relabelConfigObj{ + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Action: "replace", + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + Replacement: "$1", + TargetLabel: "foo", + }, + }, + isDrop: false, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("(.*)"), + Separator: ";", + Action: "keep", + Replacement: "$1", + }, + }, + isDrop: false, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("bad.*match"), + Action: "drop", + Separator: ";", + Replacement: "$1", + }, + }, + isDrop: false, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"label_not_present"}, + Regex: relabel.MustNewRegexp("(.*)"), + Separator: ";", + Action: "keep", + Replacement: "$1", + }, + }, + isDrop: false, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("(.*)"), + Separator: ";", + Action: "drop", + Replacement: "$1", + }, + }, + isDrop: true, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"collector"}, + Regex: relabel.MustNewRegexp("(collector.*)"), + Separator: ";", + Action: "drop", + Replacement: "$1", + }, + }, + isDrop: true, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("bad.*match"), + Separator: ";", + Action: "keep", + Replacement: "$1", + }, + }, + isDrop: true, + }, + { + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"collector"}, + Regex: relabel.MustNewRegexp("collectors-n"), + Separator: ";", + Action: "keep", + Replacement: "$1", + }, + }, + isDrop: true, + }, + } + + HashmodConfig = relabelConfigObj{ + cfg: []*relabel.Config{ + { + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("(.*)"), + Separator: ";", + Modulus: 1, + TargetLabel: "tmp-0", + Action: "hashmod", + Replacement: "$1", + }, + + { + SourceLabels: model.LabelNames{"tmp-$(SHARD)"}, + Regex: relabel.MustNewRegexp("$(SHARD)"), + Separator: ";", + Action: "keep", + Replacement: "$1", + }, + }, + isDrop: false, + } + + DefaultDropRelabelConfig = relabel.Config{ + SourceLabels: model.LabelNames{"i"}, + Regex: relabel.MustNewRegexp("(.*)"), + Action: "drop", + } +) + +type relabelConfigObj struct { + cfg []*relabel.Config + isDrop bool +} + +func colIndex(index, numCols int) int { + if numCols == 0 { + return -1 + } + return index % numCols +} + +func makeNNewTargets(rCfgs []relabelConfigObj, n int, numCollectors int, startingIndex int) (map[string]*target.Item, int, map[string]*target.Item, map[string][]*relabel.Config) { + toReturn := map[string]*target.Item{} + expectedMap := make(map[string]*target.Item) + numItemsRemaining := n + relabelConfig := make(map[string][]*relabel.Config) + for i := startingIndex; i < n+startingIndex; i++ { + collector := fmt.Sprintf("collector-%d", colIndex(i, numCollectors)) + label := model.LabelSet{ + "collector": model.LabelValue(collector), + "i": model.LabelValue(strconv.Itoa(i)), + "total": model.LabelValue(strconv.Itoa(n + startingIndex)), + } + jobName := fmt.Sprintf("test-job-%d", i) + newTarget := target.NewItem(jobName, "test-url", label, collector) + // add a single replace, drop, or keep action as relabel_config for targets + var index int + ind, _ := rand.Int(rand.Reader, big.NewInt(int64(len(relabelConfigs)))) + + index = int(ind.Int64()) + + relabelConfig[jobName] = rCfgs[index].cfg + + targetKey := newTarget.Hash() + if relabelConfigs[index].isDrop { + numItemsRemaining-- + } else { + expectedMap[targetKey] = newTarget + } + toReturn[targetKey] = newTarget + } + return toReturn, numItemsRemaining, expectedMap, relabelConfig +} + +func TestApply(t *testing.T) { + allocatorPrehook := New("relabel-config", logger) + assert.NotNil(t, allocatorPrehook) + + targets, numRemaining, expectedTargetMap, relabelCfg := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) + allocatorPrehook.SetConfig(relabelCfg) + remainingItems := allocatorPrehook.Apply(targets) + assert.Len(t, remainingItems, numRemaining) + assert.Equal(t, remainingItems, expectedTargetMap) + + // clear out relabelCfg to test with empty values + for key := range relabelCfg { + relabelCfg[key] = nil + } + + // cfg = createMockConfig(relabelCfg) + allocatorPrehook.SetConfig(relabelCfg) + remainingItems = allocatorPrehook.Apply(targets) + // relabelCfg is empty so targets should be unfiltered + assert.Len(t, remainingItems, len(targets)) + assert.Equal(t, remainingItems, targets) +} + +func TestApplyHashmodAction(t *testing.T) { + allocatorPrehook := New("relabel-config", logger) + assert.NotNil(t, allocatorPrehook) + + hashRelabelConfigs := append(relabelConfigs, HashmodConfig) + targets, numRemaining, expectedTargetMap, relabelCfg := makeNNewTargets(hashRelabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) + allocatorPrehook.SetConfig(relabelCfg) + remainingItems := allocatorPrehook.Apply(targets) + assert.Len(t, remainingItems, numRemaining) + assert.Equal(t, remainingItems, expectedTargetMap) +} + +func TestApplyEmptyRelabelCfg(t *testing.T) { + + allocatorPrehook := New("relabel-config", logger) + assert.NotNil(t, allocatorPrehook) + + targets, _, _, _ := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) + + relabelCfg := map[string][]*relabel.Config{} + allocatorPrehook.SetConfig(relabelCfg) + remainingItems := allocatorPrehook.Apply(targets) + // relabelCfg is empty so targets should be unfiltered + assert.Len(t, remainingItems, len(targets)) + assert.Equal(t, remainingItems, targets) +} + +func TestSetConfig(t *testing.T) { + allocatorPrehook := New("relabel-config", logger) + assert.NotNil(t, allocatorPrehook) + + _, _, _, relabelCfg := makeNNewTargets(relabelConfigs, defaultNumTargets, defaultNumCollectors, defaultStartIndex) + allocatorPrehook.SetConfig(relabelCfg) + assert.Equal(t, relabelCfg, allocatorPrehook.GetConfig()) +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go new file mode 100644 index 000000000..e209d6775 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/server/bench_test.go @@ -0,0 +1,259 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package server + +import ( + "fmt" + "math/rand" + "net/http/httptest" + "testing" + "time" + + "github.com/gin-gonic/gin" + "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" + "github.com/stretchr/testify/assert" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +func BenchmarkServerTargetsHandler(b *testing.B) { + random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec + var table = []struct { + numCollectors int + numJobs int + }{ + {numCollectors: 100, numJobs: 100}, + {numCollectors: 100, numJobs: 1000}, + {numCollectors: 100, numJobs: 10000}, + {numCollectors: 100, numJobs: 100000}, + {numCollectors: 1000, numJobs: 100}, + {numCollectors: 1000, numJobs: 1000}, + {numCollectors: 1000, numJobs: 10000}, + {numCollectors: 1000, numJobs: 100000}, + } + + for _, allocatorName := range allocation.GetRegisteredAllocatorNames() { + for _, v := range table { + a, _ := allocation.New(allocatorName, logger) + cols := allocation.MakeNCollectors(v.numCollectors, 0) + targets := allocation.MakeNNewTargets(v.numJobs, v.numCollectors, 0) + listenAddr := ":8080" + a.SetCollectors(cols) + a.SetTargets(targets) + s := NewServer(logger, a, listenAddr) + b.Run(fmt.Sprintf("%s_num_cols_%d_num_jobs_%d", allocatorName, v.numCollectors, v.numJobs), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + randomJob := random.Intn(v.numJobs) //nolint: gosec + randomCol := random.Intn(v.numCollectors) //nolint: gosec + request := httptest.NewRequest("GET", fmt.Sprintf("/jobs/test-job-%d/targets?collector_id=collector-%d", randomJob, randomCol), nil) + w := httptest.NewRecorder() + s.server.Handler.ServeHTTP(w, request) + } + }) + } + } +} + +func BenchmarkScrapeConfigsHandler(b *testing.B) { + random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec + s := &Server{ + logger: logger, + } + + tests := []int{0, 5, 10, 50, 100, 500} + for _, n := range tests { + data := makeNScrapeConfigs(*random, n) + assert.NoError(b, s.UpdateScrapeConfigResponse(data)) + + b.Run(fmt.Sprintf("%d_targets", n), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + c, _ := gin.CreateTestContext(httptest.NewRecorder()) + gin.SetMode(gin.ReleaseMode) + c.Request = httptest.NewRequest("GET", "/scrape_configs", nil) + + s.ScrapeConfigsHandler(c) + } + }) + } +} + +func BenchmarkCollectorMapJSONHandler(b *testing.B) { + random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec + s := &Server{ + logger: logger, + jsonMarshaller: jsonConfig, + } + + tests := []struct { + numCollectors int + numTargets int + }{ + { + numCollectors: 0, + numTargets: 0, + }, + { + numCollectors: 5, + numTargets: 5, + }, + { + numCollectors: 5, + numTargets: 50, + }, + { + numCollectors: 5, + numTargets: 500, + }, + { + numCollectors: 50, + numTargets: 5, + }, + { + numCollectors: 50, + numTargets: 50, + }, + { + numCollectors: 50, + numTargets: 500, + }, + { + numCollectors: 50, + numTargets: 5000, + }, + } + for _, tc := range tests { + data := makeNCollectorJSON(*random, tc.numCollectors, tc.numTargets) + b.Run(fmt.Sprintf("%d_collectors_%d_targets", tc.numCollectors, tc.numTargets), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + resp := httptest.NewRecorder() + s.jsonHandler(resp, data) + } + }) + } +} + +func BenchmarkTargetItemsJSONHandler(b *testing.B) { + random := rand.New(rand.NewSource(time.Now().UnixNano())) // nolint: gosec + s := &Server{ + logger: logger, + jsonMarshaller: jsonConfig, + } + + tests := []struct { + numTargets int + numLabels int + }{ + { + numTargets: 0, + numLabels: 0, + }, + { + numTargets: 5, + numLabels: 5, + }, + { + numTargets: 5, + numLabels: 50, + }, + { + numTargets: 50, + numLabels: 5, + }, + { + numTargets: 50, + numLabels: 50, + }, + { + numTargets: 500, + numLabels: 50, + }, + { + numTargets: 500, + numLabels: 500, + }, + { + numTargets: 5000, + numLabels: 50, + }, + { + numTargets: 5000, + numLabels: 500, + }, + } + for _, tc := range tests { + data := makeNTargetItems(*random, tc.numTargets, tc.numLabels) + b.Run(fmt.Sprintf("%d_targets_%d_labels", tc.numTargets, tc.numLabels), func(b *testing.B) { + b.ReportAllocs() + for i := 0; i < b.N; i++ { + resp := httptest.NewRecorder() + s.jsonHandler(resp, data) + } + }) + } +} + +var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_/") + +func randSeq(random rand.Rand, n int) string { + b := make([]rune, n) + for i := range b { + b[i] = letters[random.Intn(len(letters))] //nolint:gosec + } + return string(b) +} + +func makeNScrapeConfigs(random rand.Rand, n int) map[string]*promconfig.ScrapeConfig { + items := make(map[string]*promconfig.ScrapeConfig, n) + for i := 0; i < n; i++ { + items[randSeq(random, 20)] = &promconfig.ScrapeConfig{ + JobName: randSeq(random, 20), + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(time.Minute), + MetricsPath: randSeq(random, 50), + SampleLimit: 5, + TargetLimit: 200, + LabelLimit: 20, + LabelNameLengthLimit: 50, + LabelValueLengthLimit: 100, + } + } + return items +} + +func makeNCollectorJSON(random rand.Rand, numCollectors, numItems int) map[string]collectorJSON { + items := make(map[string]collectorJSON, numCollectors) + for i := 0; i < numCollectors; i++ { + items[randSeq(random, 20)] = collectorJSON{ + Link: randSeq(random, 120), + Jobs: makeNTargetItems(random, numItems, 50), + } + } + return items +} + +func makeNTargetItems(random rand.Rand, numItems, numLabels int) []*target.Item { + items := make([]*target.Item, 0, numItems) + for i := 0; i < numItems; i++ { + items = append(items, target.NewItem( + randSeq(random, 80), + randSeq(random, 150), + makeNNewLabels(random, numLabels), + randSeq(random, 30), + )) + } + return items +} + +func makeNNewLabels(random rand.Rand, n int) model.LabelSet { + labels := make(map[model.LabelName]model.LabelValue, n) + for i := 0; i < n; i++ { + labels[model.LabelName(randSeq(random, 20))] = model.LabelValue(randSeq(random, 20)) + } + return labels +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go new file mode 100644 index 000000000..160a8e316 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/server/mocks_test.go @@ -0,0 +1,27 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package server + +import ( + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +var _ allocation.Allocator = &mockAllocator{} + +// mockAllocator implements the Allocator interface, but all funcs other than +// TargetItems() are a no-op. +type mockAllocator struct { + targetItems map[string]*target.Item +} + +func (m *mockAllocator) SetCollectors(_ map[string]*allocation.Collector) {} +func (m *mockAllocator) SetTargets(_ map[string]*target.Item) {} +func (m *mockAllocator) Collectors() map[string]*allocation.Collector { return nil } +func (m *mockAllocator) GetTargetsForCollectorAndJob(_ string, _ string) []*target.Item { return nil } +func (m *mockAllocator) SetFilter(_ allocation.Filter) {} + +func (m *mockAllocator) TargetItems() map[string]*target.Item { + return m.targetItems +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go new file mode 100644 index 000000000..4eb0f3304 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/server/server.go @@ -0,0 +1,229 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package server + +import ( + "context" + "fmt" + "net/http" + "net/http/pprof" + "net/url" + "strings" + "sync" + "time" + + yaml2 "github.com/ghodss/yaml" + "github.com/gin-gonic/gin" + "github.com/go-logr/logr" + jsoniter "github.com/json-iterator/go" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + "github.com/prometheus/client_golang/prometheus/promhttp" + promconfig "github.com/prometheus/prometheus/config" + "gopkg.in/yaml.v2" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +var ( + httpDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Name: "amazon_cloudwatch_agent_allocator_http_duration_seconds", + Help: "Duration of received HTTP requests.", + }, []string{"path"}) +) + +var ( + jsonConfig = jsoniter.Config{ + EscapeHTML: false, + MarshalFloatWith6Digits: true, + ObjectFieldMustBeSimpleString: true, + }.Froze() +) + +type collectorJSON struct { + Link string `json:"_link"` + Jobs []*target.Item `json:"targets"` +} + +type Server struct { + logger logr.Logger + allocator allocation.Allocator + server *http.Server + jsonMarshaller jsoniter.API + + // Use RWMutex to protect scrapeConfigResponse, since it + // will be predominantly read and only written when config + // is applied. + mtx sync.RWMutex + scrapeConfigResponse []byte +} + +func NewServer(log logr.Logger, allocator allocation.Allocator, listenAddr string) *Server { + s := &Server{ + logger: log, + allocator: allocator, + jsonMarshaller: jsonConfig, + } + + gin.SetMode(gin.ReleaseMode) + router := gin.New() + router.Use(gin.Recovery()) + router.UseRawPath = true + router.UnescapePathValues = false + router.Use(s.PrometheusMiddleware) + router.GET("/scrape_configs", s.ScrapeConfigsHandler) + router.GET("/jobs", s.JobHandler) + router.GET("/jobs/:job_id/targets", s.TargetsHandler) + router.GET("/metrics", gin.WrapH(promhttp.Handler())) + router.GET("/livez", s.LivenessProbeHandler) + router.GET("/readyz", s.ReadinessProbeHandler) + registerPprof(router.Group("/debug/pprof/")) + + s.server = &http.Server{Addr: listenAddr, Handler: router, ReadHeaderTimeout: 90 * time.Second} + return s +} + +func (s *Server) Start() error { + s.logger.Info("Starting server...") + return s.server.ListenAndServe() +} + +func (s *Server) Shutdown(ctx context.Context) error { + s.logger.Info("Shutting down server...") + return s.server.Shutdown(ctx) +} + +// UpdateScrapeConfigResponse updates the scrape config response. The target allocator first marshals these +// configurations such that the underlying prometheus marshaling is used. After that, the YAML is converted +// in to a JSON format for consumers to use. +func (s *Server) UpdateScrapeConfigResponse(configs map[string]*promconfig.ScrapeConfig) error { + var configBytes []byte + configBytes, err := yaml.Marshal(configs) + if err != nil { + return err + } + var jsonConfig []byte + jsonConfig, err = yaml2.YAMLToJSON(configBytes) + if err != nil { + return err + } + s.mtx.Lock() + s.scrapeConfigResponse = jsonConfig + s.mtx.Unlock() + return nil +} + +// ScrapeConfigsHandler returns the available scrape configuration discovered by the target allocator. +func (s *Server) ScrapeConfigsHandler(c *gin.Context) { + s.mtx.RLock() + result := s.scrapeConfigResponse + s.mtx.RUnlock() + + // We don't use the jsonHandler method because we don't want our bytes to be re-encoded + c.Writer.Header().Set("Content-Type", "application/json") + _, err := c.Writer.Write(result) + if err != nil { + s.errorHandler(c.Writer, err) + } +} + +func (s *Server) ReadinessProbeHandler(c *gin.Context) { + s.mtx.RLock() + result := s.scrapeConfigResponse + s.mtx.RUnlock() + + if result != nil { + c.Status(http.StatusOK) + } else { + c.Status(http.StatusServiceUnavailable) + } +} + +func (s *Server) JobHandler(c *gin.Context) { + displayData := make(map[string]target.LinkJSON) + for _, v := range s.allocator.TargetItems() { + displayData[v.JobName] = target.LinkJSON{Link: v.Link.Link} + } + s.jsonHandler(c.Writer, displayData) +} + +func (s *Server) LivenessProbeHandler(c *gin.Context) { + c.Status(http.StatusOK) +} + +func (s *Server) PrometheusMiddleware(c *gin.Context) { + path := c.FullPath() + timer := prometheus.NewTimer(httpDuration.WithLabelValues(path)) + c.Next() + timer.ObserveDuration() +} + +func (s *Server) TargetsHandler(c *gin.Context) { + q := c.Request.URL.Query()["collector_id"] + + jobIdParam := c.Params.ByName("job_id") + jobId, err := url.QueryUnescape(jobIdParam) + if err != nil { + s.errorHandler(c.Writer, err) + return + } + + if len(q) == 0 { + displayData := GetAllTargetsByJob(s.allocator, jobId) + s.jsonHandler(c.Writer, displayData) + + } else { + tgs := s.allocator.GetTargetsForCollectorAndJob(q[0], jobId) + // Displays empty list if nothing matches + if len(tgs) == 0 { + s.jsonHandler(c.Writer, []interface{}{}) + return + } + s.jsonHandler(c.Writer, tgs) + } +} + +func (s *Server) errorHandler(w http.ResponseWriter, err error) { + w.WriteHeader(http.StatusInternalServerError) + s.jsonHandler(w, err) +} + +func (s *Server) jsonHandler(w http.ResponseWriter, data interface{}) { + w.Header().Set("Content-Type", "application/json") + err := s.jsonMarshaller.NewEncoder(w).Encode(data) + if err != nil { + s.logger.Error(err, "failed to encode data for http response") + } +} + +// GetAllTargetsByJob is a relatively expensive call that is usually only used for debugging purposes. +func GetAllTargetsByJob(allocator allocation.Allocator, job string) map[string]collectorJSON { + displayData := make(map[string]collectorJSON) + for _, col := range allocator.Collectors() { + items := allocator.GetTargetsForCollectorAndJob(col.Name, job) + displayData[col.Name] = collectorJSON{Link: fmt.Sprintf("/jobs/%s/targets?collector_id=%s", url.QueryEscape(job), col.Name), Jobs: items} + } + return displayData +} + +// registerPprof registers the pprof handlers and either serves the requested +// specific profile or falls back to index handler. +func registerPprof(g *gin.RouterGroup) { + g.GET("/*profile", func(c *gin.Context) { + path := c.Param("profile") + switch strings.TrimPrefix(path, "/") { + case "cmdline": + gin.WrapF(pprof.Cmdline)(c) + case "profile": + gin.WrapF(pprof.Profile)(c) + case "symbol": + gin.WrapF(pprof.Symbol)(c) + case "trace": + gin.WrapF(pprof.Trace)(c) + default: + gin.WrapF(pprof.Index)(c) + } + }) +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go new file mode 100644 index 000000000..dc4abdbdb --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/server/server_test.go @@ -0,0 +1,606 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package server + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/http/httptest" + "net/url" + "testing" + "time" + + "github.com/prometheus/common/config" + "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" + "github.com/prometheus/prometheus/model/relabel" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "gopkg.in/yaml.v2" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/target" +) + +var ( + logger = logf.Log.WithName("server-unit-tests") + baseLabelSet = model.LabelSet{ + "test_label": "test-value", + } + testJobLabelSetTwo = model.LabelSet{ + "test_label": "test-value2", + } + baseTargetItem = target.NewItem("test-job", "test-url", baseLabelSet, "test-collector") + secondTargetItem = target.NewItem("test-job", "test-url", baseLabelSet, "test-collector") + testJobTargetItemTwo = target.NewItem("test-job", "test-url2", testJobLabelSetTwo, "test-collector2") +) + +func TestServer_LivenessProbeHandler(t *testing.T) { + consistentHashing, _ := allocation.New("consistent-hashing", logger) + listenAddr := ":8080" + s := NewServer(logger, consistentHashing, listenAddr) + request := httptest.NewRequest("GET", "/livez", nil) + w := httptest.NewRecorder() + + s.server.Handler.ServeHTTP(w, request) + result := w.Result() + + assert.Equal(t, http.StatusOK, result.StatusCode) +} + +func TestServer_TargetsHandler(t *testing.T) { + consistentHashing, _ := allocation.New("consistent-hashing", logger) + type args struct { + collector string + job string + cMap map[string]*target.Item + allocator allocation.Allocator + } + type want struct { + items []*target.Item + errString string + } + tests := []struct { + name string + args args + want want + }{ + { + name: "Empty target map", + args: args{ + collector: "test-collector", + job: "test-job", + cMap: map[string]*target.Item{}, + allocator: consistentHashing, + }, + want: want{ + items: []*target.Item{}, + }, + }, + { + name: "Single entry target map", + args: args{ + collector: "test-collector", + job: "test-job", + cMap: map[string]*target.Item{ + baseTargetItem.Hash(): baseTargetItem, + }, + allocator: consistentHashing, + }, + want: want{ + items: []*target.Item{ + { + TargetURL: []string{"test-url"}, + Labels: map[model.LabelName]model.LabelValue{ + "test_label": "test-value", + }, + }, + }, + }, + }, + { + name: "Multiple entry target map", + args: args{ + collector: "test-collector", + job: "test-job", + cMap: map[string]*target.Item{ + baseTargetItem.Hash(): baseTargetItem, + secondTargetItem.Hash(): secondTargetItem, + }, + allocator: consistentHashing, + }, + want: want{ + items: []*target.Item{ + { + TargetURL: []string{"test-url"}, + Labels: map[model.LabelName]model.LabelValue{ + "test_label": "test-value", + }, + }, + }, + }, + }, + { + name: "Multiple entry target map of same job with label merge", + args: args{ + collector: "test-collector", + job: "test-job", + cMap: map[string]*target.Item{ + baseTargetItem.Hash(): baseTargetItem, + testJobTargetItemTwo.Hash(): testJobTargetItemTwo, + }, + allocator: consistentHashing, + }, + want: want{ + items: []*target.Item{ + { + TargetURL: []string{"test-url"}, + Labels: map[model.LabelName]model.LabelValue{ + "test_label": "test-value", + }, + }, + { + TargetURL: []string{"test-url2"}, + Labels: map[model.LabelName]model.LabelValue{ + "test_label": "test-value2", + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + listenAddr := ":8080" + s := NewServer(logger, tt.args.allocator, listenAddr) + tt.args.allocator.SetCollectors(map[string]*allocation.Collector{"test-collector": {Name: "test-collector"}}) + tt.args.allocator.SetTargets(tt.args.cMap) + request := httptest.NewRequest("GET", fmt.Sprintf("/jobs/%s/targets?collector_id=%s", tt.args.job, tt.args.collector), nil) + w := httptest.NewRecorder() + + s.server.Handler.ServeHTTP(w, request) + result := w.Result() + + assert.Equal(t, http.StatusOK, result.StatusCode) + body := result.Body + bodyBytes, err := io.ReadAll(body) + assert.NoError(t, err) + if len(tt.want.errString) != 0 { + assert.EqualError(t, err, tt.want.errString) + return + } + var itemResponse []*target.Item + err = json.Unmarshal(bodyBytes, &itemResponse) + assert.NoError(t, err) + assert.ElementsMatch(t, tt.want.items, itemResponse) + }) + } +} + +func TestServer_ScrapeConfigsHandler(t *testing.T) { + tests := []struct { + description string + scrapeConfigs map[string]*promconfig.ScrapeConfig + expectedCode int + expectedBody []byte + }{ + { + description: "nil scrape config", + scrapeConfigs: nil, + expectedCode: http.StatusOK, + expectedBody: []byte("{}"), + }, + { + description: "empty scrape config", + scrapeConfigs: map[string]*promconfig.ScrapeConfig{}, + expectedCode: http.StatusOK, + expectedBody: []byte("{}"), + }, + { + description: "single entry", + scrapeConfigs: map[string]*promconfig.ScrapeConfig{ + "serviceMonitor/testapp/testapp/0": { + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + expectedCode: http.StatusOK, + }, + { + description: "multiple entries", + scrapeConfigs: map[string]*promconfig.ScrapeConfig{ + "serviceMonitor/testapp/testapp/0": { + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{ + model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), + model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), + }, + Separator: ";", + Regex: relabel.MustNewRegexp("(testapp);true"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("http"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "namespace", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "service", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "pod", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "container", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + "serviceMonitor/testapp/testapp1/0": { + JobName: "serviceMonitor/testapp/testapp1/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(5 * time.Minute), + ScrapeTimeout: model.Duration(10 * time.Second), + MetricsPath: "/v2/metrics", + Scheme: "http", + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{ + model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), + model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), + }, + Separator: ";", + Regex: relabel.MustNewRegexp("(testapp);true"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("http"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "namespace", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "service", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "pod", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "container", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + "serviceMonitor/testapp/testapp2/0": { + JobName: "serviceMonitor/testapp/testapp2/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Minute), + ScrapeTimeout: model.Duration(2 * time.Minute), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{ + model.LabelName("__meta_kubernetes_service_label_app_kubernetes_io_name"), + model.LabelName("__meta_kubernetes_service_labelpresent_app_kubernetes_io_name"), + }, + Separator: ";", + Regex: relabel.MustNewRegexp("(testapp);true"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_endpoint_port_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("http"), + Replacement: "$$1", + Action: relabel.Keep, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_namespace")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "namespace", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_service_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "service", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "pod", + Replacement: "$$1", + Action: relabel.Replace, + }, + { + SourceLabels: model.LabelNames{model.LabelName("__meta_kubernetes_pod_container_name")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "container", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + expectedCode: http.StatusOK, + }, + } + for _, tc := range tests { + t.Run(tc.description, func(t *testing.T) { + listenAddr := ":8080" + s := NewServer(logger, nil, listenAddr) + assert.NoError(t, s.UpdateScrapeConfigResponse(tc.scrapeConfigs)) + + request := httptest.NewRequest("GET", "/scrape_configs", nil) + w := httptest.NewRecorder() + + s.server.Handler.ServeHTTP(w, request) + result := w.Result() + + assert.Equal(t, tc.expectedCode, result.StatusCode) + bodyBytes, err := io.ReadAll(result.Body) + require.NoError(t, err) + if tc.expectedBody != nil { + assert.Equal(t, tc.expectedBody, bodyBytes) + return + } + scrapeConfigs := map[string]*promconfig.ScrapeConfig{} + err = yaml.Unmarshal(bodyBytes, scrapeConfigs) + require.NoError(t, err) + assert.Equal(t, tc.scrapeConfigs, scrapeConfigs) + }) + } +} + +func TestServer_JobHandler(t *testing.T) { + tests := []struct { + description string + targetItems map[string]*target.Item + expectedCode int + expectedJobs map[string]target.LinkJSON + }{ + { + description: "nil jobs", + targetItems: nil, + expectedCode: http.StatusOK, + expectedJobs: make(map[string]target.LinkJSON), + }, + { + description: "empty jobs", + targetItems: map[string]*target.Item{}, + expectedCode: http.StatusOK, + expectedJobs: make(map[string]target.LinkJSON), + }, + { + description: "one job", + targetItems: map[string]*target.Item{ + "targetitem": target.NewItem("job1", "", model.LabelSet{}, ""), + }, + expectedCode: http.StatusOK, + expectedJobs: map[string]target.LinkJSON{ + "job1": newLink("job1"), + }, + }, + { + description: "multiple jobs", + targetItems: map[string]*target.Item{ + "a": target.NewItem("job1", "", model.LabelSet{}, ""), + "b": target.NewItem("job2", "", model.LabelSet{}, ""), + "c": target.NewItem("job3", "", model.LabelSet{}, ""), + "d": target.NewItem("job3", "", model.LabelSet{}, ""), + "e": target.NewItem("job3", "", model.LabelSet{}, "")}, + expectedCode: http.StatusOK, + expectedJobs: map[string]target.LinkJSON{ + "job1": newLink("job1"), + "job2": newLink("job2"), + "job3": newLink("job3"), + }, + }, + } + for _, tc := range tests { + t.Run(tc.description, func(t *testing.T) { + listenAddr := ":8080" + a := &mockAllocator{targetItems: tc.targetItems} + s := NewServer(logger, a, listenAddr) + request := httptest.NewRequest("GET", "/jobs", nil) + w := httptest.NewRecorder() + + s.server.Handler.ServeHTTP(w, request) + result := w.Result() + + assert.Equal(t, tc.expectedCode, result.StatusCode) + bodyBytes, err := io.ReadAll(result.Body) + require.NoError(t, err) + jobs := map[string]target.LinkJSON{} + err = json.Unmarshal(bodyBytes, &jobs) + require.NoError(t, err) + assert.Equal(t, tc.expectedJobs, jobs) + }) + } +} +func TestServer_Readiness(t *testing.T) { + tests := []struct { + description string + scrapeConfigs map[string]*promconfig.ScrapeConfig + expectedCode int + expectedBody []byte + }{ + { + description: "nil scrape config", + scrapeConfigs: nil, + expectedCode: http.StatusServiceUnavailable, + }, + { + description: "empty scrape config", + scrapeConfigs: map[string]*promconfig.ScrapeConfig{}, + expectedCode: http.StatusOK, + }, + { + description: "single entry", + scrapeConfigs: map[string]*promconfig.ScrapeConfig{ + "serviceMonitor/testapp/testapp/0": { + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + expectedCode: http.StatusOK, + }, + } + for _, tc := range tests { + t.Run(tc.description, func(t *testing.T) { + listenAddr := ":8080" + s := NewServer(logger, nil, listenAddr) + if tc.scrapeConfigs != nil { + assert.NoError(t, s.UpdateScrapeConfigResponse(tc.scrapeConfigs)) + } + + request := httptest.NewRequest("GET", "/readyz", nil) + w := httptest.NewRecorder() + + s.server.Handler.ServeHTTP(w, request) + result := w.Result() + + assert.Equal(t, tc.expectedCode, result.StatusCode) + }) + } +} + +func newLink(jobName string) target.LinkJSON { + return target.LinkJSON{Link: fmt.Sprintf("/jobs/%s/targets", url.QueryEscape(jobName))} +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go new file mode 100644 index 000000000..5f9924c34 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery.go @@ -0,0 +1,145 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package target + +import ( + "hash" + "hash/fnv" + + "github.com/go-logr/logr" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + "github.com/prometheus/common/model" + "github.com/prometheus/prometheus/config" + "github.com/prometheus/prometheus/discovery" + "github.com/prometheus/prometheus/model/relabel" + "gopkg.in/yaml.v3" + + allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" +) + +var ( + targetsDiscovered = promauto.NewGaugeVec(prometheus.GaugeOpts{ + Name: "amazon_cloudwatch_agent_allocator_targets", + Help: "Number of targets discovered.", + }, []string{"job_name"}) +) + +type Discoverer struct { + log logr.Logger + manager *discovery.Manager + close chan struct{} + configsMap map[allocatorWatcher.EventSource]*config.Config + hook discoveryHook + scrapeConfigsHash hash.Hash + scrapeConfigsUpdater scrapeConfigsUpdater +} + +type discoveryHook interface { + SetConfig(map[string][]*relabel.Config) +} + +type scrapeConfigsUpdater interface { + UpdateScrapeConfigResponse(map[string]*config.ScrapeConfig) error +} + +func NewDiscoverer(log logr.Logger, manager *discovery.Manager, hook discoveryHook, scrapeConfigsUpdater scrapeConfigsUpdater) *Discoverer { + return &Discoverer{ + log: log, + manager: manager, + close: make(chan struct{}), + configsMap: make(map[allocatorWatcher.EventSource]*config.Config), + hook: hook, + scrapeConfigsUpdater: scrapeConfigsUpdater, + } +} + +func (m *Discoverer) ApplyConfig(source allocatorWatcher.EventSource, cfg *config.Config) error { + if cfg == nil { + m.log.Info("Service Discovery got empty Prometheus config", "source", source.String()) + return nil + } + m.configsMap[source] = cfg + jobToScrapeConfig := make(map[string]*config.ScrapeConfig) + + discoveryCfg := make(map[string]discovery.Configs) + relabelCfg := make(map[string][]*relabel.Config) + + for _, value := range m.configsMap { + for _, scrapeConfig := range value.ScrapeConfigs { + jobToScrapeConfig[scrapeConfig.JobName] = scrapeConfig + discoveryCfg[scrapeConfig.JobName] = scrapeConfig.ServiceDiscoveryConfigs + relabelCfg[scrapeConfig.JobName] = scrapeConfig.RelabelConfigs + } + } + + hash, err := getScrapeConfigHash(jobToScrapeConfig) + if err != nil { + return err + } + // If the hash has changed, updated stored hash and send the new config. + // Otherwise skip updating scrape configs. + if m.scrapeConfigsUpdater != nil && m.scrapeConfigsHash != hash { + err := m.scrapeConfigsUpdater.UpdateScrapeConfigResponse(jobToScrapeConfig) + if err != nil { + return err + } + + m.scrapeConfigsHash = hash + } + + if m.hook != nil { + m.hook.SetConfig(relabelCfg) + } + return m.manager.ApplyConfig(discoveryCfg) +} + +func (m *Discoverer) Watch(fn func(targets map[string]*Item)) error { + for { + select { + case <-m.close: + m.log.Info("Service Discovery watch event stopped: discovery manager closed") + return nil + case tsets := <-m.manager.SyncCh(): + targets := map[string]*Item{} + + for jobName, tgs := range tsets { + var count float64 = 0 + for _, tg := range tgs { + for _, t := range tg.Targets { + count++ + item := NewItem(jobName, string(t[model.AddressLabel]), t.Merge(tg.Labels), "") + targets[item.Hash()] = item + } + } + targetsDiscovered.WithLabelValues(jobName).Set(count) + } + fn(targets) + } + } +} + +func (m *Discoverer) Close() { + close(m.close) +} + +// Calculate a hash for a scrape config map. +// This is done by marshaling to YAML because it's the most straightforward and doesn't run into problems with unexported fields. +func getScrapeConfigHash(jobToScrapeConfig map[string]*config.ScrapeConfig) (hash.Hash64, error) { + var err error + hash := fnv.New64() + yamlEncoder := yaml.NewEncoder(hash) + for jobName, scrapeConfig := range jobToScrapeConfig { + _, err = hash.Write([]byte(jobName)) + if err != nil { + return nil, err + } + err = yamlEncoder.Encode(scrapeConfig) + if err != nil { + return nil, err + } + } + yamlEncoder.Close() + return hash, err +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go new file mode 100644 index 000000000..bd75d7155 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/target/discovery_test.go @@ -0,0 +1,402 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package target + +import ( + "context" + "errors" + "hash" + "sort" + "testing" + "time" + + gokitlog "github.com/go-kit/log" + commonconfig "github.com/prometheus/common/config" + "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" + "github.com/prometheus/prometheus/discovery" + "github.com/prometheus/prometheus/model/relabel" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" + allocatorWatcher "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/watcher" +) + +func TestDiscovery(t *testing.T) { + type args struct { + file string + } + tests := []struct { + name string + args args + want []string + }{ + { + name: "base case", + args: args{ + file: "./testdata/test.yaml", + }, + want: []string{"prom.domain:9001", "prom.domain:9002", "prom.domain:9003", "prom.domain:8001", "promfile.domain:1001", "promfile.domain:3000"}, + }, + { + name: "update", + args: args{ + file: "./testdata/test_update.yaml", + }, + want: []string{"prom.domain:9004", "prom.domain:9005", "promfile.domain:1001", "promfile.domain:3000"}, + }, + } + scu := &mockScrapeConfigUpdater{} + ctx, cancelFunc := context.WithCancel(context.Background()) + d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) + manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) + + defer func() { manager.Close() }() + defer cancelFunc() + + results := make(chan []string) + go func() { + err := d.Run() + assert.Error(t, err) + }() + go func() { + err := manager.Watch(func(targets map[string]*Item) { + var result []string + for _, t := range targets { + result = append(result, t.TargetURL[0]) + } + results <- result + }) + assert.NoError(t, err) + }() + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + cfg := config.CreateDefaultConfig() + err := config.LoadFromFile(tt.args.file, &cfg) + assert.NoError(t, err) + assert.True(t, len(cfg.PromConfig.ScrapeConfigs) > 0) + err = manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, cfg.PromConfig) + assert.NoError(t, err) + + gotTargets := <-results + sort.Strings(gotTargets) + sort.Strings(tt.want) + assert.Equal(t, tt.want, gotTargets) + + // check the updated scrape configs + expectedScrapeConfigs := map[string]*promconfig.ScrapeConfig{} + for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { + expectedScrapeConfigs[scrapeConfig.JobName] = scrapeConfig + } + assert.Equal(t, expectedScrapeConfigs, scu.mockCfg) + }) + } +} + +func TestDiscovery_ScrapeConfigHashing(t *testing.T) { + // these tests are meant to be run sequentially in this order, to test + // that hashing doesn't cause us to send the wrong information. + tests := []struct { + description string + cfg *promconfig.Config + expectErr bool + }{ + { + description: "base config", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "different bool", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: false, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "different job name", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/1", + HonorTimestamps: false, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "different key", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/1", + HonorTimestamps: false, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "unset scrape interval", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/1", + HonorTimestamps: false, + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "different regex", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/testapp/testapp/1", + HonorTimestamps: false, + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.+)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + }, + }, + }, + }, + { + description: "mock error on update - no hash update", + cfg: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "error", + }, + }, + }, + expectErr: true, + }, + } + var ( + lastValidHash hash.Hash + expectedConfig map[string]*promconfig.ScrapeConfig + lastValidConfig map[string]*promconfig.ScrapeConfig + ) + + scu := &mockScrapeConfigUpdater{} + ctx := context.Background() + d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) + manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) + + for _, tc := range tests { + t.Run(tc.description, func(t *testing.T) { + err := manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, tc.cfg) + if !tc.expectErr { + expectedConfig = make(map[string]*promconfig.ScrapeConfig) + for _, value := range manager.configsMap { + for _, scrapeConfig := range value.ScrapeConfigs { + expectedConfig[scrapeConfig.JobName] = scrapeConfig + } + } + assert.NoError(t, err) + assert.NotZero(t, manager.scrapeConfigsHash) + // Assert that scrape configs in manager are correctly + // reflected in the scrape job updater. + assert.Equal(t, expectedConfig, scu.mockCfg) + + lastValidHash = manager.scrapeConfigsHash + lastValidConfig = expectedConfig + } else { + // In case of error, assert that we retain the last + // known valid config. + assert.Error(t, err) + assert.Equal(t, lastValidHash, manager.scrapeConfigsHash) + assert.Equal(t, lastValidConfig, scu.mockCfg) + } + + }) + } +} + +func TestDiscovery_NoConfig(t *testing.T) { + scu := &mockScrapeConfigUpdater{mockCfg: map[string]*promconfig.ScrapeConfig{}} + ctx, cancelFunc := context.WithCancel(context.Background()) + d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) + manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) + defer close(manager.close) + defer cancelFunc() + + go func() { + err := d.Run() + assert.Error(t, err) + }() + // check the updated scrape configs + expectedScrapeConfigs := map[string]*promconfig.ScrapeConfig{} + assert.Equal(t, expectedScrapeConfigs, scu.mockCfg) +} + +func BenchmarkApplyScrapeConfig(b *testing.B) { + numConfigs := 1000 + scrapeConfig := promconfig.ScrapeConfig{ + JobName: "serviceMonitor/testapp/testapp/0", + HonorTimestamps: true, + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(30 * time.Second), + MetricsPath: "/metrics", + Scheme: "http", + HTTPClientConfig: commonconfig.HTTPClientConfig{ + FollowRedirects: true, + }, + RelabelConfigs: []*relabel.Config{ + { + SourceLabels: model.LabelNames{model.LabelName("job")}, + Separator: ";", + Regex: relabel.MustNewRegexp("(.*)"), + TargetLabel: "__tmp_prometheus_job_name", + Replacement: "$$1", + Action: relabel.Replace, + }, + }, + } + cfg := &promconfig.Config{ + ScrapeConfigs: make([]*promconfig.ScrapeConfig, numConfigs), + } + + for i := 0; i < numConfigs; i++ { + cfg.ScrapeConfigs[i] = &scrapeConfig + } + + scu := &mockScrapeConfigUpdater{} + ctx := context.Background() + d := discovery.NewManager(ctx, gokitlog.NewNopLogger()) + manager := NewDiscoverer(ctrl.Log.WithName("test"), d, nil, scu) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := manager.ApplyConfig(allocatorWatcher.EventSourcePrometheusCR, cfg) + require.NoError(b, err) + } +} + +var _ scrapeConfigsUpdater = &mockScrapeConfigUpdater{} + +// mockScrapeConfigUpdater is a mock implementation of the scrapeConfigsUpdater. +// If a job with name "error" is provided to the UpdateScrapeConfigResponse, +// it will return an error for testing purposes. +type mockScrapeConfigUpdater struct { + mockCfg map[string]*promconfig.ScrapeConfig +} + +func (m *mockScrapeConfigUpdater) UpdateScrapeConfigResponse(cfg map[string]*promconfig.ScrapeConfig) error { + if _, ok := cfg["error"]; ok { + return errors.New("error") + } + + m.mockCfg = cfg + return nil +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go b/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go new file mode 100644 index 000000000..fb49e96ec --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/target/target.go @@ -0,0 +1,44 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package target + +import ( + "fmt" + "net/url" + + "github.com/prometheus/common/model" +) + +// LinkJSON This package contains common structs and methods that relate to scrape targets. +type LinkJSON struct { + Link string `json:"_link"` +} + +type Item struct { + JobName string `json:"-"` + Link LinkJSON `json:"-"` + TargetURL []string `json:"targets"` + Labels model.LabelSet `json:"labels"` + CollectorName string `json:"-"` + hash string +} + +func (t *Item) Hash() string { + return t.hash +} + +// NewItem Creates a new target item. +// INVARIANTS: +// * Item fields must not be modified after creation. +// * Item should only be made via its constructor, never directly. +func NewItem(jobName string, targetURL string, label model.LabelSet, collectorName string) *Item { + return &Item{ + JobName: jobName, + Link: LinkJSON{Link: fmt.Sprintf("/jobs/%s/targets", url.QueryEscape(jobName))}, + hash: jobName + targetURL + label.Fingerprint().String(), + TargetURL: []string{targetURL}, + Labels: label, + CollectorName: collectorName, + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml new file mode 100644 index 000000000..f9582037f --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test.yaml @@ -0,0 +1,17 @@ +label_selector: + app.kubernetes.io/instance: default.test + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator +config: + scrape_configs: + - job_name: prometheus + + file_sd_configs: + - files: + - ../config/testdata/file_sd_test.json + static_configs: + - targets: ["prom.domain:9001", "prom.domain:9002", "prom.domain:9003"] + labels: + my: label + - job_name: prometheus2 + static_configs: + - targets: ["prom.domain:8001"] diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml new file mode 100644 index 000000000..826b0b410 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/target/testdata/test_update.yaml @@ -0,0 +1,14 @@ +label_selector: + app.kubernetes.io/instance: default.test + app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator +config: + scrape_configs: + - job_name: prometheus + + file_sd_configs: + - files: + - ../config/testdata/file_sd_test.json + static_configs: + - targets: ["prom.domain:9004", "prom.domain:9005"] + labels: + my: other-label diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go new file mode 100644 index 000000000..d3fa77271 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/file.go @@ -0,0 +1,79 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package watcher + +import ( + "context" + "path/filepath" + + "github.com/fsnotify/fsnotify" + "github.com/go-logr/logr" + promconfig "github.com/prometheus/prometheus/config" + + "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" +) + +var _ Watcher = &FileWatcher{} + +type FileWatcher struct { + logger logr.Logger + configFilePath string + watcher *fsnotify.Watcher + closer chan bool +} + +func NewFileWatcher(logger logr.Logger, configFilePath string) (*FileWatcher, error) { + fileWatcher, err := fsnotify.NewWatcher() + if err != nil { + logger.Error(err, "Can't start the watcher") + return &FileWatcher{}, err + } + + return &FileWatcher{ + logger: logger, + configFilePath: configFilePath, + watcher: fileWatcher, + closer: make(chan bool), + }, nil +} + +func (f *FileWatcher) LoadConfig(_ context.Context) (*promconfig.Config, error) { + cfg := config.CreateDefaultConfig() + err := config.LoadFromFile(f.configFilePath, &cfg) + if err != nil { + f.logger.Error(err, "Unable to load configuration") + return nil, err + } + return cfg.PromConfig, nil +} + +func (f *FileWatcher) Watch(upstreamEvents chan Event, upstreamErrors chan error) error { + err := f.watcher.Add(filepath.Dir(f.configFilePath)) + if err != nil { + return err + } + + for { + select { + case <-f.closer: + return nil + case fileEvent := <-f.watcher.Events: + // Using Op.Has as per this doc - https://github.com/fsnotify/fsnotify/blob/9342b6df577910c6eac718dc62845d8c95f8548b/fsnotify.go#L30 + if fileEvent.Op.Has(fsnotify.Create) || fileEvent.Op.Has(fsnotify.Write) { + f.logger.Info("File change detected", "event", fileEvent.Op.String()) + upstreamEvents <- Event{ + Source: EventSourceConfigMap, + Watcher: Watcher(f), + } + } + case err := <-f.watcher.Errors: + upstreamErrors <- err + } + } +} + +func (f *FileWatcher) Close() error { + f.closer <- true + return f.watcher.Close() +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go new file mode 100644 index 000000000..b85e809fd --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator.go @@ -0,0 +1,359 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package watcher + +import ( + "context" + "fmt" + "os" + "time" + + "github.com/go-kit/log" + "github.com/go-kit/log/level" + "github.com/go-logr/logr" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + promv1alpha1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + "github.com/prometheus-operator/prometheus-operator/pkg/assets" + monitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned" + "github.com/prometheus-operator/prometheus-operator/pkg/informers" + "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" + promconfig "github.com/prometheus/prometheus/config" + kubeDiscovery "github.com/prometheus/prometheus/discovery/kubernetes" + "gopkg.in/yaml.v2" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/cache" + + allocatorconfig "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/config" +) + +const minEventInterval = time.Second * 5 + +func NewPrometheusCRWatcher(logger logr.Logger, cfg allocatorconfig.Config) (*PrometheusCRWatcher, error) { + mClient, err := monitoringclient.NewForConfig(cfg.ClusterConfig) + if err != nil { + return nil, err + } + + clientset, err := kubernetes.NewForConfig(cfg.ClusterConfig) + if err != nil { + return nil, err + } + + factory := informers.NewMonitoringInformerFactories(map[string]struct{}{v1.NamespaceAll: {}}, map[string]struct{}{}, mClient, allocatorconfig.DefaultResyncTime, nil) //TODO decide what strategy to use regarding namespaces + + monitoringInformers, err := getInformers(factory) + if err != nil { + return nil, err + } + + // TODO: We should make these durations configurable + prom := &monitoringv1.Prometheus{ + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + ScrapeInterval: monitoringv1.Duration(cfg.PrometheusCR.ScrapeInterval.String()), + }, + }, + } + + promOperatorLogger := level.NewFilter(log.NewLogfmtLogger(os.Stderr), level.AllowWarn()) + generator, err := prometheus.NewConfigGenerator(promOperatorLogger, prom, true) + + if err != nil { + return nil, err + } + + servMonSelector := getSelector(cfg.ServiceMonitorSelector) + + podMonSelector := getSelector(cfg.PodMonitorSelector) + + return &PrometheusCRWatcher{ + logger: logger, + kubeMonitoringClient: mClient, + k8sClient: clientset, + informers: monitoringInformers, + stopChannel: make(chan struct{}), + eventInterval: minEventInterval, + configGenerator: generator, + kubeConfigPath: cfg.KubeConfigFilePath, + serviceMonitorSelector: servMonSelector, + podMonitorSelector: podMonSelector, + }, nil +} + +type PrometheusCRWatcher struct { + logger logr.Logger + kubeMonitoringClient monitoringclient.Interface + k8sClient kubernetes.Interface + informers map[string]*informers.ForResource + eventInterval time.Duration + stopChannel chan struct{} + configGenerator *prometheus.ConfigGenerator + kubeConfigPath string + + serviceMonitorSelector labels.Selector + podMonitorSelector labels.Selector +} + +func getSelector(s map[string]string) labels.Selector { + if s == nil { + return labels.NewSelector() + } + return labels.SelectorFromSet(s) +} + +// getInformers returns a map of informers for the given resources. +func getInformers(factory informers.FactoriesForNamespaces) (map[string]*informers.ForResource, error) { + serviceMonitorInformers, err := informers.NewInformersForResource(factory, monitoringv1.SchemeGroupVersion.WithResource(monitoringv1.ServiceMonitorName)) + if err != nil { + return nil, err + } + + podMonitorInformers, err := informers.NewInformersForResource(factory, monitoringv1.SchemeGroupVersion.WithResource(monitoringv1.PodMonitorName)) + if err != nil { + return nil, err + } + + return map[string]*informers.ForResource{ + monitoringv1.ServiceMonitorName: serviceMonitorInformers, + monitoringv1.PodMonitorName: podMonitorInformers, + }, nil +} + +// Watch wrapped informers and wait for an initial sync. +func (w *PrometheusCRWatcher) Watch(upstreamEvents chan Event, upstreamErrors chan error) error { + success := true + // this channel needs to be buffered because notifications are asynchronous and neither producers nor consumers wait + notifyEvents := make(chan struct{}, 1) + + for name, resource := range w.informers { + resource.Start(w.stopChannel) + + if ok := cache.WaitForNamedCacheSync(name, w.stopChannel, resource.HasSynced); !ok { + success = false + } + + // only send an event notification if there isn't one already + resource.AddEventHandler(cache.ResourceEventHandlerFuncs{ + // these functions only write to the notification channel if it's empty to avoid blocking + // if scrape config updates are being rate-limited + AddFunc: func(obj interface{}) { + select { + case notifyEvents <- struct{}{}: + default: + } + }, + UpdateFunc: func(oldObj, newObj interface{}) { + select { + case notifyEvents <- struct{}{}: + default: + } + }, + DeleteFunc: func(obj interface{}) { + select { + case notifyEvents <- struct{}{}: + default: + } + }, + }) + } + if !success { + return fmt.Errorf("failed to sync cache") + } + + // limit the rate of outgoing events + w.rateLimitedEventSender(upstreamEvents, notifyEvents) + + <-w.stopChannel + return nil +} + +// rateLimitedEventSender sends events to the upstreamEvents channel whenever it gets a notification on the notifyEvents channel, +// but not more frequently than once per w.eventPeriod. +func (w *PrometheusCRWatcher) rateLimitedEventSender(upstreamEvents chan Event, notifyEvents chan struct{}) { + ticker := time.NewTicker(w.eventInterval) + defer ticker.Stop() + + event := Event{ + Source: EventSourcePrometheusCR, + Watcher: Watcher(w), + } + + for { + select { + case <-w.stopChannel: + return + case <-ticker.C: // throttle events to avoid excessive updates + select { + case <-notifyEvents: + select { + case upstreamEvents <- event: + default: // put the notification back in the queue if we can't send it upstream + select { + case notifyEvents <- struct{}{}: + default: + } + } + default: + } + } + } +} + +func (w *PrometheusCRWatcher) Close() error { + close(w.stopChannel) + return nil +} + +func (w *PrometheusCRWatcher) LoadConfig(ctx context.Context) (*promconfig.Config, error) { + store := assets.NewStore(w.k8sClient.CoreV1(), w.k8sClient.CoreV1()) + serviceMonitorInstances := make(map[string]*monitoringv1.ServiceMonitor) + smRetrieveErr := w.informers[monitoringv1.ServiceMonitorName].ListAll(w.serviceMonitorSelector, func(sm interface{}) { + monitor := sm.(*monitoringv1.ServiceMonitor) + key, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(monitor) + w.addStoreAssetsForServiceMonitor(ctx, monitor.Name, monitor.Namespace, monitor.Spec.Endpoints, store) + serviceMonitorInstances[key] = monitor + }) + if smRetrieveErr != nil { + return nil, smRetrieveErr + } + + podMonitorInstances := make(map[string]*monitoringv1.PodMonitor) + pmRetrieveErr := w.informers[monitoringv1.PodMonitorName].ListAll(w.podMonitorSelector, func(pm interface{}) { + monitor := pm.(*monitoringv1.PodMonitor) + key, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(monitor) + w.addStoreAssetsForPodMonitor(ctx, monitor.Name, monitor.Namespace, monitor.Spec.PodMetricsEndpoints, store) + podMonitorInstances[key] = monitor + }) + if pmRetrieveErr != nil { + return nil, pmRetrieveErr + } + + generatedConfig, err := w.configGenerator.GenerateServerConfiguration( + ctx, + "30s", + "", + nil, + nil, + monitoringv1.TSDBSpec{}, + nil, + nil, + serviceMonitorInstances, + podMonitorInstances, + map[string]*monitoringv1.Probe{}, + map[string]*promv1alpha1.ScrapeConfig{}, + store, + nil, + nil, + nil, + []string{}) + if err != nil { + return nil, err + } + + promCfg := &promconfig.Config{} + unmarshalErr := yaml.Unmarshal(generatedConfig, promCfg) + if unmarshalErr != nil { + return nil, unmarshalErr + } + + // set kubeconfig path to service discovery configs, else kubernetes_sd will always attempt in-cluster + // authentication even if running with a detected kubeconfig + for _, scrapeConfig := range promCfg.ScrapeConfigs { + for _, serviceDiscoveryConfig := range scrapeConfig.ServiceDiscoveryConfigs { + if serviceDiscoveryConfig.Name() == "kubernetes" { + sdConfig := interface{}(serviceDiscoveryConfig).(*kubeDiscovery.SDConfig) + sdConfig.KubeConfig = w.kubeConfigPath + } + } + } + return promCfg, nil +} + +// addStoreAssetsForServiceMonitor adds authentication / authorization related information to the assets store, +// based on the service monitor and endpoints specs. +// This code borrows from +// https://github.com/prometheus-operator/prometheus-operator/blob/06b5c4189f3f72737766d86103d049115c3aff48/pkg/prometheus/resource_selector.go#L73. +func (w *PrometheusCRWatcher) addStoreAssetsForServiceMonitor( + ctx context.Context, + smName, smNamespace string, + endps []monitoringv1.Endpoint, + store *assets.Store, +) { + var err error + for i, endp := range endps { + objKey := fmt.Sprintf("serviceMonitor/%s/%s/%d", smNamespace, smName, i) + + if err = store.AddBearerToken(ctx, smNamespace, endp.BearerTokenSecret, objKey); err != nil { + break + } + + if err = store.AddBasicAuth(ctx, smNamespace, endp.BasicAuth, objKey); err != nil { + break + } + + if endp.TLSConfig != nil { + if err = store.AddTLSConfig(ctx, smNamespace, endp.TLSConfig); err != nil { + break + } + } + + if err = store.AddOAuth2(ctx, smNamespace, endp.OAuth2, objKey); err != nil { + break + } + + smAuthKey := fmt.Sprintf("serviceMonitor/auth/%s/%s/%d", smNamespace, smName, i) + if err = store.AddSafeAuthorizationCredentials(ctx, smNamespace, endp.Authorization, smAuthKey); err != nil { + break + } + } + + if err != nil { + w.logger.Error(err, "Failed to obtain credentials for a ServiceMonitor", "serviceMonitor", smName) + } +} + +// addStoreAssetsForServiceMonitor adds authentication / authorization related information to the assets store, +// based on the service monitor and pod metrics endpoints specs. +// This code borrows from +// https://github.com/prometheus-operator/prometheus-operator/blob/06b5c4189f3f72737766d86103d049115c3aff48/pkg/prometheus/resource_selector.go#L314. +func (w *PrometheusCRWatcher) addStoreAssetsForPodMonitor( + ctx context.Context, + pmName, pmNamespace string, + podMetricsEndps []monitoringv1.PodMetricsEndpoint, + store *assets.Store, +) { + var err error + for i, endp := range podMetricsEndps { + objKey := fmt.Sprintf("podMonitor/%s/%s/%d", pmNamespace, pmName, i) + + if err = store.AddBearerToken(ctx, pmNamespace, &endp.BearerTokenSecret, objKey); err != nil { + break + } + + if err = store.AddBasicAuth(ctx, pmNamespace, endp.BasicAuth, objKey); err != nil { + break + } + + if endp.TLSConfig != nil { + if err = store.AddSafeTLSConfig(ctx, pmNamespace, &endp.TLSConfig.SafeTLSConfig); err != nil { + break + } + } + + if err = store.AddOAuth2(ctx, pmNamespace, endp.OAuth2, objKey); err != nil { + break + } + + smAuthKey := fmt.Sprintf("podMonitor/auth/%s/%s/%d", pmNamespace, pmName, i) + if err = store.AddSafeAuthorizationCredentials(ctx, pmNamespace, endp.Authorization, smAuthKey); err != nil { + break + } + } + + if err != nil { + w.logger.Error(err, "Failed to obtain credentials for a PodMonitor", "podMonitor", pmName) + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go new file mode 100644 index 000000000..17a4ed46a --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/promOperator_test.go @@ -0,0 +1,416 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package watcher + +import ( + "context" + "testing" + "time" + + "github.com/go-kit/log" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + fakemonitoringclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/fake" + "github.com/prometheus-operator/prometheus-operator/pkg/informers" + "github.com/prometheus-operator/prometheus-operator/pkg/prometheus" + "github.com/prometheus/common/config" + "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" + "github.com/prometheus/prometheus/discovery" + kubeDiscovery "github.com/prometheus/prometheus/discovery/kubernetes" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/client-go/tools/cache" +) + +func TestLoadConfig(t *testing.T) { + tests := []struct { + name string + serviceMonitor *monitoringv1.ServiceMonitor + podMonitor *monitoringv1.PodMonitor + want *promconfig.Config + wantErr bool + }{ + { + name: "simple test", + serviceMonitor: &monitoringv1.ServiceMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "simple", + Namespace: "test", + }, + Spec: monitoringv1.ServiceMonitorSpec{ + JobLabel: "test", + Endpoints: []monitoringv1.Endpoint{ + { + Port: "web", + }, + }, + }, + }, + podMonitor: &monitoringv1.PodMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "simple", + Namespace: "test", + }, + Spec: monitoringv1.PodMonitorSpec{ + JobLabel: "test", + PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ + { + Port: "web", + }, + }, + }, + }, + want: &promconfig.Config{ + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/test/simple/0", + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + HonorTimestamps: true, + HonorLabels: false, + Scheme: "http", + MetricsPath: "/metrics", + ServiceDiscoveryConfigs: []discovery.Config{ + &kubeDiscovery.SDConfig{ + Role: "endpointslice", + NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ + Names: []string{"test"}, + IncludeOwnNamespace: false, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + { + JobName: "podMonitor/test/simple/0", + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + HonorTimestamps: true, + HonorLabels: false, + Scheme: "http", + MetricsPath: "/metrics", + ServiceDiscoveryConfigs: []discovery.Config{ + &kubeDiscovery.SDConfig{ + Role: "pod", + NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ + Names: []string{"test"}, + IncludeOwnNamespace: false, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + }, + }, + }, + { + name: "basic auth (serviceMonitor)", + serviceMonitor: &monitoringv1.ServiceMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "auth", + Namespace: "test", + }, + Spec: monitoringv1.ServiceMonitorSpec{ + JobLabel: "auth", + Endpoints: []monitoringv1.Endpoint{ + { + Port: "web", + BasicAuth: &monitoringv1.BasicAuth{ + Username: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "basic-auth", + }, + Key: "username", + }, + Password: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "basic-auth", + }, + Key: "password", + }, + }, + }, + }, + Selector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "auth", + }, + }, + }, + }, + want: &promconfig.Config{ + GlobalConfig: promconfig.GlobalConfig{}, + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "serviceMonitor/test/auth/0", + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + HonorTimestamps: true, + HonorLabels: false, + Scheme: "http", + MetricsPath: "/metrics", + ServiceDiscoveryConfigs: []discovery.Config{ + &kubeDiscovery.SDConfig{ + Role: "endpointslice", + NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ + Names: []string{"test"}, + IncludeOwnNamespace: false, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + }, + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + EnableHTTP2: true, + BasicAuth: &config.BasicAuth{ + Username: "admin", + Password: "password", + }, + }, + }, + }, + }, + }, + { + name: "bearer token (podMonitor)", + podMonitor: &monitoringv1.PodMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "bearer", + Namespace: "test", + }, + Spec: monitoringv1.PodMonitorSpec{ + JobLabel: "bearer", + PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ + { + Port: "web", + BearerTokenSecret: v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "bearer", + }, + Key: "token", + }, + }, + }, + }, + }, + want: &promconfig.Config{ + GlobalConfig: promconfig.GlobalConfig{}, + ScrapeConfigs: []*promconfig.ScrapeConfig{ + { + JobName: "podMonitor/test/bearer/0", + ScrapeInterval: model.Duration(30 * time.Second), + ScrapeTimeout: model.Duration(10 * time.Second), + HonorTimestamps: true, + HonorLabels: false, + Scheme: "http", + MetricsPath: "/metrics", + ServiceDiscoveryConfigs: []discovery.Config{ + &kubeDiscovery.SDConfig{ + Role: "pod", + NamespaceDiscovery: kubeDiscovery.NamespaceDiscovery{ + Names: []string{"test"}, + IncludeOwnNamespace: false, + }, + HTTPClientConfig: config.DefaultHTTPClientConfig, + }, + }, + HTTPClientConfig: config.HTTPClientConfig{ + FollowRedirects: true, + EnableHTTP2: true, + Authorization: &config.Authorization{ + Type: "Bearer", + Credentials: "bearer-token", + }, + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + w := getTestPrometheusCRWatcher(t, tt.serviceMonitor, tt.podMonitor) + for _, informer := range w.informers { + // Start informers in order to populate cache. + informer.Start(w.stopChannel) + } + + // Wait for informers to sync. + for _, informer := range w.informers { + for !informer.HasSynced() { + time.Sleep(50 * time.Millisecond) + } + } + + got, err := w.LoadConfig(context.Background()) + assert.NoError(t, err) + + sanitizeScrapeConfigsForTest(got.ScrapeConfigs) + assert.Equal(t, tt.want.ScrapeConfigs, got.ScrapeConfigs) + }) + } +} + +func TestRateLimit(t *testing.T) { + var err error + serviceMonitor := &monitoringv1.ServiceMonitor{ + ObjectMeta: metav1.ObjectMeta{ + Name: "simple", + Namespace: "test", + }, + Spec: monitoringv1.ServiceMonitorSpec{ + JobLabel: "test", + Endpoints: []monitoringv1.Endpoint{ + { + Port: "web", + }, + }, + }, + } + events := make(chan Event, 1) + eventInterval := 5 * time.Millisecond + + w := getTestPrometheusCRWatcher(t, nil, nil) + defer w.Close() + w.eventInterval = eventInterval + + go func() { + watchErr := w.Watch(events, make(chan error)) + require.NoError(t, watchErr) + }() + // we don't have a simple way to wait for the watch to actually add event handlers to the informer, + // instead, we just update a ServiceMonitor periodically and wait until we get a notification + _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Create(context.Background(), serviceMonitor, metav1.CreateOptions{}) + require.NoError(t, err) + + // wait for cache sync first + for _, informer := range w.informers { + success := cache.WaitForCacheSync(w.stopChannel, informer.HasSynced) + require.True(t, success) + } + + require.Eventually(t, func() bool { + _, createErr := w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) + if createErr != nil { + return false + } + select { + case <-events: + return true + default: + return false + } + }, eventInterval*2, time.Millisecond) + + // it's difficult to measure the rate precisely + // what we do, is send two updates, and then assert that the elapsed time is between eventInterval and 3*eventInterval + startTime := time.Now() + _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) + require.NoError(t, err) + require.Eventually(t, func() bool { + select { + case <-events: + return true + default: + return false + } + }, eventInterval*2, time.Millisecond) + _, err = w.kubeMonitoringClient.MonitoringV1().ServiceMonitors("test").Update(context.Background(), serviceMonitor, metav1.UpdateOptions{}) + require.NoError(t, err) + require.Eventually(t, func() bool { + select { + case <-events: + return true + default: + return false + } + }, eventInterval*2, time.Millisecond) + elapsedTime := time.Since(startTime) + assert.Less(t, eventInterval, elapsedTime) + assert.GreaterOrEqual(t, eventInterval*3, elapsedTime) + +} + +// getTestPrometheuCRWatcher creates a test instance of PrometheusCRWatcher with fake clients +// and test secrets. +func getTestPrometheusCRWatcher(t *testing.T, sm *monitoringv1.ServiceMonitor, pm *monitoringv1.PodMonitor) *PrometheusCRWatcher { + mClient := fakemonitoringclient.NewSimpleClientset() + if sm != nil { + _, err := mClient.MonitoringV1().ServiceMonitors("test").Create(context.Background(), sm, metav1.CreateOptions{}) + if err != nil { + t.Fatal(t, err) + } + } + if pm != nil { + _, err := mClient.MonitoringV1().PodMonitors("test").Create(context.Background(), pm, metav1.CreateOptions{}) + if err != nil { + t.Fatal(t, err) + } + } + + k8sClient := fake.NewSimpleClientset() + _, err := k8sClient.CoreV1().Secrets("test").Create(context.Background(), &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic-auth", + Namespace: "test", + }, + Data: map[string][]byte{"username": []byte("admin"), "password": []byte("password")}, + }, metav1.CreateOptions{}) + if err != nil { + t.Fatal(t, err) + } + _, err = k8sClient.CoreV1().Secrets("test").Create(context.Background(), &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "bearer", + Namespace: "test", + }, + Data: map[string][]byte{"token": []byte("bearer-token")}, + }, metav1.CreateOptions{}) + if err != nil { + t.Fatal(t, err) + } + + factory := informers.NewMonitoringInformerFactories(map[string]struct{}{v1.NamespaceAll: {}}, map[string]struct{}{}, mClient, 0, nil) + informers, err := getInformers(factory) + if err != nil { + t.Fatal(t, err) + } + + prom := &monitoringv1.Prometheus{ + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + ScrapeInterval: monitoringv1.Duration("30s"), + }, + }, + } + + generator, err := prometheus.NewConfigGenerator(log.NewNopLogger(), prom, true) + if err != nil { + t.Fatal(t, err) + } + + return &PrometheusCRWatcher{ + kubeMonitoringClient: mClient, + k8sClient: k8sClient, + informers: informers, + configGenerator: generator, + serviceMonitorSelector: getSelector(nil), + podMonitorSelector: getSelector(nil), + stopChannel: make(chan struct{}), + } +} + +// Remove relable configs fields from scrape configs for testing, +// since these are mutated and tested down the line with the hook(s). +func sanitizeScrapeConfigsForTest(scs []*promconfig.ScrapeConfig) { + for _, sc := range scs { + sc.RelabelConfigs = nil + sc.MetricRelabelConfigs = nil + } +} diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go new file mode 100644 index 000000000..49b2cef87 --- /dev/null +++ b/cmd/amazon-cloudwatch-agent-target-allocator/watcher/watcher.go @@ -0,0 +1,40 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package watcher + +import ( + "context" + + promconfig "github.com/prometheus/prometheus/config" +) + +type Watcher interface { + // Watch watcher and supply channels which will receive change events + Watch(upstreamEvents chan Event, upstreamErrors chan error) error + LoadConfig(ctx context.Context) (*promconfig.Config, error) + Close() error +} + +type Event struct { + Source EventSource + Watcher Watcher +} + +type EventSource int + +const ( + EventSourceConfigMap EventSource = iota + EventSourcePrometheusCR +) + +var ( + eventSourceToString = map[EventSource]string{ + EventSourceConfigMap: "EventSourceConfigMap", + EventSourcePrometheusCR: "EventSourcePrometheusCR", + } +) + +func (e EventSource) String() string { + return eventSourceToString[e] +} diff --git a/go.mod b/go.mod index cd83fe187..a2f4b7372 100644 --- a/go.mod +++ b/go.mod @@ -9,23 +9,37 @@ replace github.com/openshift/api v3.9.0+incompatible => github.com/openshift/api require ( dario.cat/mergo v1.0.0 + github.com/buraksezer/consistent v0.10.0 + github.com/cespare/xxhash/v2 v2.2.0 + github.com/fsnotify/fsnotify v1.7.0 + github.com/ghodss/yaml v1.0.0 + github.com/gin-gonic/gin v1.10.0 + github.com/go-kit/log v0.2.1 github.com/go-logr/logr v1.4.1 github.com/google/uuid v1.6.0 + github.com/json-iterator/go v1.1.12 github.com/mitchellh/mapstructure v1.5.0 + github.com/oklog/run v1.1.0 github.com/openshift/api v3.9.0+incompatible + github.com/prometheus-operator/prometheus-operator v0.70.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 + github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0 + github.com/prometheus/client_golang v1.17.0 + github.com/prometheus/common v0.45.0 github.com/prometheus/prometheus v0.48.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 go.opentelemetry.io/collector/featuregate v0.77.0 go.opentelemetry.io/otel v1.21.0 go.uber.org/zap v1.25.0 - golang.org/x/exp v0.0.0-20231006140011-7918f672742d + golang.org/x/exp v0.0.0-20231127185646-65229373498e gopkg.in/yaml.v2 v2.4.0 + gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.0 k8s.io/client-go v0.29.0 k8s.io/component-base v0.29.0 + k8s.io/klog/v2 v2.110.1 k8s.io/kubectl v0.29.0 k8s.io/utils v0.0.0-20231127182322-b307cd553661 sigs.k8s.io/controller-runtime v0.16.3 @@ -43,38 +57,58 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect github.com/armon/go-metrics v0.4.1 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.45.25 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/bytedance/sonic v1.11.6 // indirect + github.com/bytedance/sonic/loader v0.1.1 // indirect + github.com/cloudwego/base64x v0.1.4 // indirect + github.com/cloudwego/iasm v0.2.0 // indirect github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect github.com/containerd/log v0.1.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/dennwc/varint v1.0.0 // indirect github.com/digitalocean/godo v1.104.1 // indirect github.com/distribution/reference v0.5.0 // indirect github.com/docker/docker v25.0.6+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/edsrzf/mmap-go v1.1.0 // indirect + github.com/efficientgo/core v1.0.0-rc.2 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/envoyproxy/go-control-plane v0.11.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect - github.com/evanphx/json-patch v5.6.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.7.0 // indirect github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-kit/log v0.2.1 // indirect + github.com/gabriel-vasile/mimetype v1.4.3 // indirect + github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.2.4 // indirect + github.com/go-openapi/analysis v0.21.4 // indirect + github.com/go-openapi/errors v0.20.4 // indirect github.com/go-openapi/jsonpointer v0.20.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/loads v0.21.2 // indirect + github.com/go-openapi/runtime v0.26.0 // indirect + github.com/go-openapi/spec v0.20.9 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/validate v0.22.1 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.20.0 // indirect github.com/go-resty/resty/v2 v2.7.0 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect + github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/snappy v0.0.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -105,66 +139,75 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/jpillora/backoff v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.17.1 // indirect + github.com/klauspost/cpuid/v2 v2.2.7 // indirect github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect github.com/kylelemons/godebug v1.1.0 // indirect + github.com/leodido/go-urn v1.4.0 // indirect github.com/linode/linodego v1.23.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect + github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a // indirect github.com/miekg/dns v1.1.56 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect + github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect - github.com/operator-framework/operator-lib v0.11.0 // indirect + github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/ovh/go-ovh v1.4.3 // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.17.0 // indirect + github.com/prometheus-community/prom-label-proxy v0.7.0 // indirect + github.com/prometheus/alertmanager v0.26.0 // indirect github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/common/sigv4 v0.1.0 // indirect github.com/prometheus/procfs v0.11.1 // indirect github.com/scaleway/scaleway-sdk-go v1.0.0-beta.21 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/stretchr/objx v0.5.2 // indirect + github.com/twitchyliquid64/golang-asm v0.15.1 // indirect + github.com/ugorji/go/codec v1.2.12 // indirect github.com/vultr/govultr/v2 v2.17.2 // indirect + go.mongodb.org/mongo-driver v1.12.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect + go.uber.org/atomic v1.11.0 // indirect + go.uber.org/goleak v1.2.1 // indirect go.uber.org/multierr v1.11.0 // indirect + golang.org/x/arch v0.8.0 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.13.0 // indirect + golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.3.0 // indirect + golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.147.0 // indirect - google.golang.org/appengine v1.6.7 // indirect + google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect google.golang.org/grpc v1.58.3 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.29.0 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 1c05684b4..df92b5074 100644 --- a/go.sum +++ b/go.sum @@ -59,9 +59,12 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mx github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DATA-DOG/go-sqlmock v1.4.1/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -75,17 +78,28 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4= github.com/aws/aws-sdk-go v1.45.25/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= -github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/buraksezer/consistent v0.10.0 h1:hqBgz1PvNLC5rkWcEBVAL9dFMBWz6I0VgUCW25rrZlU= +github.com/buraksezer/consistent v0.10.0/go.mod h1:6BrVajWq7wbKZlTOUPs/XVfR8c0maujuPowduSpZqmw= +github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0= +github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4= +github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM= +github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -98,6 +112,10 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y= +github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= +github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= +github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -109,6 +127,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dennwc/varint v1.0.0 h1:kGNFFSSw8ToIy3obO/kKr8U9GZYUAxQEVuix4zfDWzE= +github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA= github.com/digitalocean/godo v1.104.1 h1:SZNxjAsskM/su0YW9P8Wx3gU0W1Z13b6tZlYNpl5BnA= github.com/digitalocean/godo v1.104.1/go.mod h1:VAI/L5YDzMuPRU01lEEUSQ/sp5Z//1HnnFv/RBTEdbg= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= @@ -121,6 +141,10 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= +github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= +github.com/efficientgo/core v1.0.0-rc.2 h1:7j62qHLnrZqO3V3UA0AqOGd5d5aXV3AX6m/NZBHp78I= +github.com/efficientgo/core v1.0.0-rc.2/go.mod h1:FfGdkzWarkuzOlY04VY+bGfb1lWrjaL6x/GLcQ4vJps= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -131,10 +155,10 @@ github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= -github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= +github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= +github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= +github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -144,6 +168,14 @@ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBd github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU= +github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -166,14 +198,53 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= +github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= +github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= +github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= +github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= +github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= +github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= +github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= +github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= +github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= +github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= +github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= +github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= +github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= +github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= +github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -181,6 +252,32 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-zookeeper/zk v1.0.3 h1:7M2kwOsc//9VeeFiPtf+uSJlVpU66x9Ba5+8XK7/TDg= github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= +github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= +github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= +github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= +github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= +github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= +github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= +github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= +github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= +github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= +github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= +github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= +github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= +github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= +github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= +github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= +github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -214,8 +311,12 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -255,6 +356,7 @@ github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0Z github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -329,17 +431,18 @@ github.com/hetznercloud/hcloud-go/v2 v2.4.0/go.mod h1:l7fA5xsncFBzQTyw29/dw5Yr88 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/ionos-cloud/sdk-go/v6 v6.1.9 h1:Iq3VIXzeEbc8EbButuACgfLMiY5TPVWUPNrF+Vsddo4= github.com/ionos-cloud/sdk-go/v6 v6.1.9/go.mod h1:EzEgRIDxBELvfoa/uBN0kOQaqovLjUWEB7iW4/Q+t4k= github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= @@ -354,11 +457,21 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= +github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.17.1 h1:NE3C767s2ak2bweCZo3+rdP4U/HoyVXLv/X9f2gPS5g= +github.com/klauspost/compress v1.17.1/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= +github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -371,10 +484,17 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/linode/linodego v1.23.0 h1:s0ReCZtuN9Z1IoUN9w1RLeYO1dMZUGPwOQ/IBFsBHtU= github.com/linode/linodego v1.23.0/go.mod h1:0U7wj/UQOqBNbKv1FYTXiBUXueR8DY4HvIotwE0ENgg= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= +github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= @@ -391,10 +511,12 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g= github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= +github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a h1:0usWxe5SGXKQovz3p+BiQ81Jy845xSMu2CWKuXsXuUM= +github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a/go.mod h1:3OETvrxfELvGsU2RoGGWercfeZ4bCL3+SOwzIWtJH/Q= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE= @@ -405,6 +527,8 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= @@ -416,6 +540,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= @@ -423,6 +548,11 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= +github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= @@ -433,13 +563,16 @@ github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrB github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/openshift/api v0.0.0-20180801171038-322a19404e37 h1:05irGU4HK4IauGGDbsk+ZHrm1wOzMLYjMlfaiqMrBYc= github.com/openshift/api v0.0.0-20180801171038-322a19404e37/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY= -github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= -github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= +github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -451,11 +584,20 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/prometheus-community/prom-label-proxy v0.7.0 h1:1iNHXF7V8z2iOCinEyxKDUHu2jppPAAd6PmBCi3naok= +github.com/prometheus-community/prom-label-proxy v0.7.0/go.mod h1:wR9C/Mwp5aBbiqM6gQ+FZdFRwL8pCzzhsje8lTAx/aA= +github.com/prometheus-operator/prometheus-operator v0.70.0 h1:kMufKWvqJl08Kh0oue3VLmTsowYKKqCQJa7tqXo+DJI= +github.com/prometheus-operator/prometheus-operator v0.70.0/go.mod h1:a/P8ufM+z7gkt4QpWEHWPARs/8bhRBkyZN5pjUl5RMk= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 h1:CFTvpkpVP4EXXZuaZuxpikAoma8xVha/IZKMDc9lw+Y= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0/go.mod h1:npfc20mPOAu7ViOVnATVMbI7PoXvW99EzgJVqkAomIQ= +github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0 h1:PpdpJDS1MyMSLILG+Y0hgzVQ3tu6qEkRD0gR/UuvSZk= +github.com/prometheus-operator/prometheus-operator/pkg/client v0.70.0/go.mod h1:4I5Rt6iIu95JBYYaDYA+Er+YBfUwIq9Pwh5TEoBmawg= +github.com/prometheus/alertmanager v0.26.0 h1:uOMJWfIwJguc3NaM3appWNbbrh6G/OjvaHMk22aBBYc= +github.com/prometheus/alertmanager v0.26.0/go.mod h1:rVcnARltVjavgVaNnmevxK7kOn7IZavyf0KNgHkbEpU= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= @@ -471,8 +613,8 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -484,6 +626,8 @@ github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwa github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/prometheus/prometheus v0.48.1 h1:CTszphSNTXkuCG6O0IfpKdHcJkvvnAAE1GbELKS+NFk= github.com/prometheus/prometheus v0.48.1/go.mod h1:SRw624aMAxTfryAcP8rOjg4S/sHHaetx2lyJJ2nM83g= +github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -496,12 +640,16 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/shoenig/test v0.6.6 h1:Oe8TPH9wAbv++YPNDKJWUnI8Q4PPWCx3UbOfH+FxiMU= github.com/shoenig/test v0.6.6/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -513,22 +661,43 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= +github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= +github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE= +github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs= github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= +github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= +github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= +github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= +github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= +github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= +github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= +go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= +go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= +go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE= +go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -555,6 +724,8 @@ go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+ go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= @@ -564,14 +735,20 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= +golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= +golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= @@ -585,8 +762,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No= +golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -645,6 +822,7 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -658,12 +836,13 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= -golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -681,10 +860,13 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -716,6 +898,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -728,6 +911,7 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= @@ -741,25 +925,32 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= @@ -828,8 +1019,8 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -892,12 +1083,13 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -914,10 +1106,13 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= +gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -937,13 +1132,15 @@ k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a h1:ZeIPbyHHqahGIbeyLJJjAUhnxCKqXaDY+n89Ms8szyA= +k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= @@ -952,5 +1149,5 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/integration-tests/eks/resourceCount_linuxonly_test.go b/integration-tests/eks/resourceCount_linuxonly_test.go index 89041dffb..f63ec37eb 100644 --- a/integration-tests/eks/resourceCount_linuxonly_test.go +++ b/integration-tests/eks/resourceCount_linuxonly_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 3 + serviceCountWindows = 6 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 2 + daemonsetCountWindows = 3 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/resourceCount_windowslinux_test.go b/integration-tests/eks/resourceCount_windowslinux_test.go index e7831d491..d7d46a456 100644 --- a/integration-tests/eks/resourceCount_windowslinux_test.go +++ b/integration-tests/eks/resourceCount_windowslinux_test.go @@ -9,11 +9,11 @@ package eks_addon const ( // Services count for CW agent on Linux and Windows serviceCountLinux = 6 - serviceCountWindows = 3 + serviceCountWindows = 6 // DaemonSet count for CW agent on Linux and Windows daemonsetCountLinux = 4 - daemonsetCountWindows = 2 + daemonsetCountWindows = 3 // Pods count for CW agent on Linux and Windows podCountLinux = 3 diff --git a/integration-tests/eks/validateResources_test.go b/integration-tests/eks/validateResources_test.go index 90ca15efe..0d79e2e18 100644 --- a/integration-tests/eks/validateResources_test.go +++ b/integration-tests/eks/validateResources_test.go @@ -26,17 +26,18 @@ import ( ) const ( - nameSpace = "amazon-cloudwatch" - addOnName = "amazon-cloudwatch-observability" - agentName = "cloudwatch-agent" - agentNameWindows = "cloudwatch-agent-windows" - operatorName = addOnName + "-controller-manager" - fluentBitName = "fluent-bit" - fluentBitNameWindows = "fluent-bit-windows" - dcgmExporterName = "dcgm-exporter" - neuronMonitor = "neuron-monitor" - podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" - serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" + nameSpace = "amazon-cloudwatch" + addOnName = "amazon-cloudwatch-observability" + agentName = "cloudwatch-agent" + agentNameWindows = "cloudwatch-agent-windows" + agentNameWindowsContainerInsights = "cloudwatch-agent-windows-container-insights" + operatorName = addOnName + "-controller-manager" + fluentBitName = "fluent-bit" + fluentBitNameWindows = "fluent-bit-windows" + dcgmExporterName = "dcgm-exporter" + neuronMonitor = "neuron-monitor" + podNameRegex = "(" + agentName + "|" + agentNameWindows + "|" + agentNameWindowsContainerInsights + "|" + operatorName + "|" + fluentBitName + "|" + fluentBitNameWindows + ")-*" + serviceNameRegex = agentName + "(-headless|-monitoring)?|" + agentNameWindows + "(-headless|-monitoring)?|" + agentNameWindowsContainerInsights + "(-headless|-monitoring)?|" + addOnName + "-webhook-service|" + dcgmExporterName + "-service|" + neuronMonitor + "-service" ) const ( @@ -102,6 +103,9 @@ func TestOperatorOnEKs(t *testing.T) { // - cloudwatch-agent-windows // - cloudwatch-agent-windows-headless // - cloudwatch-agent-windows-monitoring + // - cloudwatch-agent-windows-container-insights + // - cloudwatch-agent-windows-container-insights-headless + // - cloudwatch-agent-windows-container-insights-monitoring // - dcgm-exporter-service // - neuron-monitor-service if match, _ := regexp.MatchString(serviceNameRegex, service.Name); !match { @@ -133,6 +137,7 @@ func TestOperatorOnEKs(t *testing.T) { // matches // - cloudwatch-agent // - cloudwatch-agent-windows + // - cloudwatch-agent-windows-container-insights // - fluent-bit // - fluent-bit-windows // - dcgm-exporter (this can be removed in the future) diff --git a/integration-tests/generator/k8s_versions_matrix.json b/integration-tests/generator/k8s_versions_matrix.json index 7c184be6b..2264c0e96 100644 --- a/integration-tests/generator/k8s_versions_matrix.json +++ b/integration-tests/generator/k8s_versions_matrix.json @@ -22,5 +22,8 @@ }, { "k8sVersion": "1.30" + }, + { + "k8sVersion": "1.31" } ] \ No newline at end of file diff --git a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go index bacbb22c4..5aae96ee0 100644 --- a/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go +++ b/integration-tests/manifests/annotations/validate_annotation_daemonset_test.go @@ -42,6 +42,12 @@ func TestAllLanguagesDaemonSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, + Deployments: []string{""}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -51,7 +57,7 @@ func TestAllLanguagesDaemonSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -156,3 +162,27 @@ func TestDotNetOnlyDaemonSet(t *testing.T) { } } +func TestNodeJSOnlyDaemonSet(t *testing.T) { + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("daemonset-namespace-nodejs-only-%d", randomNumber) + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + DaemonSets: []string{filepath.Join(uniqueNamespace, daemonSetName)}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + + if err := checkResourceAnnotations(t, clientSet, "daemonset", uniqueNamespace, daemonSetName, sampleDaemonsetYamlRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } +} diff --git a/integration-tests/manifests/annotations/validate_annotation_methods.go b/integration-tests/manifests/annotations/validate_annotation_methods.go index 4acb6eb5c..b9f8da0e1 100644 --- a/integration-tests/manifests/annotations/validate_annotation_methods.go +++ b/integration-tests/manifests/annotations/validate_annotation_methods.go @@ -35,6 +35,9 @@ const ( injectDotNetAnnotation = "instrumentation.opentelemetry.io/inject-dotnet" autoAnnotateDotNetAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-dotnet" + injectNodeJSAnnotation = "instrumentation.opentelemetry.io/inject-nodejs" + autoAnnotateNodeJSAnnotation = "cloudwatch.aws.amazon.com/auto-annotate-nodejs" + deploymentName = "sample-deployment" nginxDeploymentName = "nginx" statefulSetName = "sample-statefulset" @@ -175,8 +178,9 @@ func checkNameSpaceAnnotations(t *testing.T, clientSet *kubernetes.Clientset, ex fmt.Println("There was an error getting namespace, ", err) return false } + for _, annotation := range expectedAnnotations { - fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", annotation, ns.Status, ns.Name) + fmt.Printf("\n This is the annotation: %v and its status %v, namespace name: %v, \n", ns.ObjectMeta.Annotations, ns.Status, ns.Name) if ns.ObjectMeta.Annotations[annotation] != "true" { time.Sleep(timeBetweenRetries) correct = false @@ -261,6 +265,25 @@ func checkIfAnnotationExists(clientset *kubernetes.Clientset, pods *v1.PodList, } fmt.Println("Annotations not found in all pods or some pods are not in Running phase. Retrying...") + cmd := exec.Command("kubectl", "rollout", "restart", "deployment", amazonControllerManager, "-n", amazonCloudwatchNamespace) + + // Run the command and capture the output + output, err := cmd.CombinedOutput() + if err != nil { + fmt.Printf("Error restarting deployment: %v\n", err) + fmt.Printf("Output: %s\n", output) + } else { + fmt.Printf("Successfully deleted deployment: %s\n", output) + } + waitCmd := exec.Command("kubectl", "wait", "--for=condition=Available", "deployment/"+amazonControllerManager, "-n", amazonCloudwatchNamespace, "--timeout=300s") + + waitOutput, err := waitCmd.CombinedOutput() + if err != nil { + fmt.Printf("Error waiting for deployment: %v\n", err) + fmt.Printf("Output: %s\n", waitOutput) + } else { + fmt.Printf("Deployment is now available: %s\n", waitOutput) + } time.Sleep(timeBetweenRetries) } } diff --git a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go index 8c0a91cea..27697e61d 100644 --- a/integration-tests/manifests/annotations/validate_annotations_deployment_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_deployment_test.go @@ -44,6 +44,12 @@ func TestAllLanguagesDeployment(t *testing.T) { Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) assert.Nil(t, err) @@ -51,7 +57,7 @@ func TestAllLanguagesDeployment(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } @@ -167,3 +173,40 @@ func TestDotNetOnlyDeployment(t *testing.T) { } } + +func TestNodeJSOnlyDeployment(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("deployment-namespace-nodejs-only-%d", randomNumber) + + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{filepath.Join(uniqueNamespace, deploymentName)}, + StatefulSets: []string{""}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + t.Error("Error:", err) + + } + + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + if err != nil { + t.Errorf("Failed to get deployment app: %s", err.Error()) + } + + if err := checkResourceAnnotations(t, clientSet, "deployment", uniqueNamespace, deploymentName, sampleDeploymentYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } + +} diff --git a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go index 4f8e97316..57edc1e22 100644 --- a/integration-tests/manifests/annotations/validate_annotations_namespace_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_namespace_test.go @@ -50,6 +50,12 @@ func TestAllLanguagesNamespace(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{""}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{uniqueNamespace}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{""}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -58,7 +64,7 @@ func TestAllLanguagesNamespace(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, uniqueNamespace, startTime) { + if !checkNameSpaceAnnotations(t, clientSet, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { t.Error("Missing Languages annotations") } } @@ -184,6 +190,44 @@ func TestDotNetOnlyNamespace(t *testing.T) { } } +func TestNodeJSOnlyNamespace(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("namespace-nodejs-only-%d", randomNumber) + if err := createNamespace(clientSet, uniqueNamespace); err != nil { + t.Fatalf("Failed to create/apply resoures on namespace: %v", err) + } + + defer func() { + if err := deleteNamespace(clientSet, uniqueNamespace); err != nil { + t.Fatalf("Failed to delete namespace: %v", err) + } + }() + + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{uniqueNamespace}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + + startTime := time.Now() + + updateTheOperator(t, clientSet, string(jsonStr)) + + if !checkNameSpaceAnnotations(t, clientSet, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, uniqueNamespace, startTime) { + t.Error("Missing nodejs annotations") + } +} + // Multiple resources on the same namespace should all get annotations func TestAnnotationsOnMultipleResources(t *testing.T) { diff --git a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go index 3e25f34e9..4f8ccea04 100644 --- a/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go +++ b/integration-tests/manifests/annotations/validate_annotations_statefulset_test.go @@ -42,6 +42,12 @@ func TestAllLanguagesStatefulSet(t *testing.T) { Deployments: []string{""}, StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, }, + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, + }, } jsonStr, err := json.Marshal(annotationConfig) if err != nil { @@ -49,7 +55,7 @@ func TestAllLanguagesStatefulSet(t *testing.T) { } startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectJavaAnnotation, autoAnnotateJavaAnnotation, injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation, injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } @@ -150,7 +156,36 @@ func TestDotNetOnlyStatefulSet(t *testing.T) { startTime := time.Now() updateTheOperator(t, clientSet, string(jsonStr)) - if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectPythonAnnotation, autoAnnotatePythonAnnotation, injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectDotNetAnnotation, autoAnnotateDotNetAnnotation}, false); err != nil { + t.Fatalf("Failed annotation check: %s", err.Error()) + } +} +func TestNodeJSOnlyStatefulSet(t *testing.T) { + + clientSet := setupTest(t) + randomNumber, err := rand.Int(rand.Reader, big.NewInt(9000)) + if err != nil { + panic(err) + } + randomNumber.Add(randomNumber, big.NewInt(1000)) //adding a hash to namespace + uniqueNamespace := fmt.Sprintf("statefulset-namespace-nodejs-only-%d", randomNumber) + annotationConfig := auto.AnnotationConfig{ + NodeJS: auto.AnnotationResources{ + Namespaces: []string{""}, + DaemonSets: []string{""}, + Deployments: []string{""}, + StatefulSets: []string{filepath.Join(uniqueNamespace, statefulSetName)}, + }, + } + jsonStr, err := json.Marshal(annotationConfig) + if err != nil { + t.Error("Error:", err) + } + + startTime := time.Now() + updateTheOperator(t, clientSet, string(jsonStr)) + + if err := checkResourceAnnotations(t, clientSet, "statefulset", uniqueNamespace, statefulSetName, sampleStatefulsetYamlNameRelPath, startTime, []string{injectNodeJSAnnotation, autoAnnotateNodeJSAnnotation}, false); err != nil { t.Fatalf("Failed annotation check: %s", err.Error()) } } diff --git a/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json b/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json new file mode 100644 index 000000000..a075b8eed --- /dev/null +++ b/integration-tests/nodejs/default_instrumentation_nodejs_env_variables.json @@ -0,0 +1,11 @@ + +{ +"OTEL_AWS_APPLICATION_SIGNALS_ENABLED": "true", +"OTEL_TRACES_SAMPLER_ARG" : "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000", +"OTEL_TRACES_SAMPLER": "xray", +"OTEL_EXPORTER_OTLP_PROTOCOL": "http/protobuf", +"OTEL_EXPORTER_OTLP_TRACES_ENDPOINT" : "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces", +"OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT": "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics", +"OTEL_METRICS_EXPORTER": "none", +"OTEL_LOGS_EXPORTER": "none" +} \ No newline at end of file diff --git a/integration-tests/nodejs/sample-deployment-nodejs.yaml b/integration-tests/nodejs/sample-deployment-nodejs.yaml new file mode 100644 index 000000000..a5d57aa32 --- /dev/null +++ b/integration-tests/nodejs/sample-deployment-nodejs.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + annotations: + instrumentation.opentelemetry.io/inject-nodejs: "true" + spec: + containers: + - name: nginx + image: nginx:1.14.2 + restartPolicy: Always +status: {} \ No newline at end of file diff --git a/internal/manifests/collector/ports.go b/internal/manifests/collector/ports.go index eeb80250e..55fed0c2c 100644 --- a/internal/manifests/collector/ports.go +++ b/internal/manifests/collector/ports.go @@ -21,19 +21,22 @@ import ( ) const ( - StatsD = "statsd" - CollectD = "collectd" - XrayProxy = "aws-proxy" - XrayTraces = "aws-traces" - OtlpGrpc = "otlp-grpc" - OtlpHttp = "otlp-http" - AppSignalsGrpc = "appsignals-grpc" - AppSignalsHttp = "appsignals-http" - AppSignalsProxy = "appsignals-xray" - EMF = "emf" - EMFTcp = "emf-tcp" - EMFUdp = "emf-udp" - CWA = "cwa-" + StatsD = "statsd" + CollectD = "collectd" + XrayProxy = "aws-proxy" + XrayTraces = "aws-traces" + OtlpGrpc = "otlp-grpc" + OtlpHttp = "otlp-http" + AppSignalsGrpc = "appsig-grpc" + AppSignalsHttp = "appsig-http" + AppSignalsProxy = "appsig-xray" + AppSignalsGrpcSA = ":4315" + AppSignalsHttpSA = ":4316" + AppSignalsProxySA = ":2000" + EMF = "emf" + EMFTcp = "emf-tcp" + EMFUdp = "emf-udp" + CWA = "cwa-" ) var receiverDefaultPortsMap = map[string]int32{ @@ -79,7 +82,6 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic config, err := adapters.ConfigStructFromJSONString(cfg) if err != nil { logger.Error(err, "error parsing cw agent config") - servicePorts = PortMapToServicePortList(AppSignalsPortToServicePortMap) } else { servicePorts = getServicePortsFromCWAgentConfig(logger, config) } @@ -115,13 +117,20 @@ func getContainerPorts(logger logr.Logger, cfg string, specPorts []corev1.Servic } func getServicePortsFromCWAgentConfig(logger logr.Logger, config *adapters.CwaConfig) []corev1.ServicePort { - servicePortsMap := getAppSignalsServicePortsMap() + servicePortsMap := make(map[int32][]corev1.ServicePort) + + getApplicationSignalsReceiversServicePorts(logger, config, servicePortsMap) getMetricsReceiversServicePorts(logger, config, servicePortsMap) getLogsReceiversServicePorts(logger, config, servicePortsMap) getTracesReceiversServicePorts(logger, config, servicePortsMap) + return PortMapToServicePortList(servicePortsMap) } +func isAppSignalEnabled(config *adapters.CwaConfig) bool { + return config.GetApplicationSignalsConfig() != nil +} + func getMetricsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { if config.Metrics == nil || config.Metrics.MetricsCollected == nil { return @@ -221,6 +230,16 @@ func getAppSignalsServicePortsMap() map[int32][]corev1.ServicePort { return servicePortMap } +func getApplicationSignalsReceiversServicePorts(logger logr.Logger, config *adapters.CwaConfig, servicePortsMap map[int32][]corev1.ServicePort) { + if !isAppSignalEnabled(config) { + return + } + + getReceiverServicePort(logger, AppSignalsGrpcSA, AppSignalsGrpc, corev1.ProtocolTCP, servicePortsMap) + getReceiverServicePort(logger, AppSignalsHttpSA, AppSignalsHttp, corev1.ProtocolTCP, servicePortsMap) + getReceiverServicePort(logger, AppSignalsProxySA, AppSignalsProxy, corev1.ProtocolTCP, servicePortsMap) +} + func portFromEndpoint(endpoint string) (int32, error) { var err error var port int64 diff --git a/internal/manifests/collector/ports_test.go b/internal/manifests/collector/ports_test.go index 830d5ee58..bade37cb7 100644 --- a/internal/manifests/collector/ports_test.go +++ b/internal/manifests/collector/ports_test.go @@ -16,13 +16,7 @@ import ( func TestStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -31,13 +25,7 @@ func TestStatsDGetContainerPorts(t *testing.T) { func TestDefaultStatsDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/statsDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(8125), containerPorts[StatsD].ContainerPort) assert.Equal(t, StatsD, containerPorts[StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[StatsD].Protocol) @@ -46,13 +34,7 @@ func TestDefaultStatsDGetContainerPorts(t *testing.T) { func TestCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(25936), containerPorts[CWA+CollectD].ContainerPort) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+CollectD].Protocol) } @@ -60,28 +42,28 @@ func TestCollectDGetContainerPorts(t *testing.T) { func TestDefaultCollectDGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/collectDDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 4, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 1, len(containerPorts)) assert.Equal(t, int32(25826), containerPorts[CollectD].ContainerPort) assert.Equal(t, CollectD, containerPorts[CollectD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CollectD].Protocol) } +func TestApplicationSignals(t *testing.T) { + cfg := getJSONStringFromFile("./test-resources/application_signals.json") + containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) + assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) + assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) + assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) +} + func TestEMFGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/emfAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(25888), containerPorts[EMFTcp].ContainerPort) assert.Equal(t, EMFTcp, containerPorts[EMFTcp].Name) assert.Equal(t, int32(25888), containerPorts[EMFUdp].ContainerPort) @@ -92,13 +74,9 @@ func TestEMFGetContainerPorts(t *testing.T) { func TestXrayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(2000), containerPorts[CWA+XrayTraces].ContainerPort) + assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, int32(4327), containerPorts[CWA+OtlpGrpc].ContainerPort) assert.Equal(t, CWA+OtlpGrpc, containerPorts[CWA+OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+OtlpGrpc].Protocol) @@ -110,13 +88,9 @@ func TestXrayAndOTLPGetContainerPorts(t *testing.T) { func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAndOTLPDefaultAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 3, len(containerPorts)) + assert.Equal(t, int32(2000), containerPorts[XrayTraces].ContainerPort) + assert.Equal(t, XrayTraces, containerPorts[XrayTraces].Name) assert.Equal(t, int32(4317), containerPorts[OtlpGrpc].ContainerPort) assert.Equal(t, OtlpGrpc, containerPorts[OtlpGrpc].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[OtlpGrpc].Protocol) @@ -128,13 +102,7 @@ func TestDefaultXRayAndOTLPGetContainerPorts(t *testing.T) { func TestXRayGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -147,13 +115,9 @@ func TestXRayWithBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2800", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) + assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) + assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, int32(2900), containerPorts[CWA+XrayProxy].ContainerPort) assert.Equal(t, CWA+XrayProxy, containerPorts[CWA+XrayProxy].Name) assert.Equal(t, corev1.ProtocolTCP, containerPorts[CWA+XrayProxy].Protocol) @@ -163,13 +127,7 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/xrayAgentConfig.json") strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 5, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 2, len(containerPorts)) assert.Equal(t, int32(2800), containerPorts[CWA+XrayTraces].ContainerPort) assert.Equal(t, CWA+XrayTraces, containerPorts[CWA+XrayTraces].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+XrayTraces].Protocol) @@ -178,13 +136,7 @@ func TestXRayWithTCPProxyBindAddressDefaultGetContainerPorts(t *testing.T) { func TestNilMetricsGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 0, len(containerPorts)) } func TestMultipleReceiversGetContainerPorts(t *testing.T) { @@ -192,12 +144,12 @@ func TestMultipleReceiversGetContainerPorts(t *testing.T) { strings.Replace(cfg, "2900", "2000", 1) containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) assert.Equal(t, 11, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, int32(4315), containerPorts[CWA+AppSignalsGrpc].ContainerPort) + assert.Equal(t, CWA+AppSignalsGrpc, containerPorts[CWA+AppSignalsGrpc].Name) + assert.Equal(t, int32(4316), containerPorts[CWA+AppSignalsHttp].ContainerPort) + assert.Equal(t, CWA+AppSignalsHttp, containerPorts[CWA+AppSignalsHttp].Name) + assert.Equal(t, int32(2000), containerPorts[CWA+AppSignalsProxy].ContainerPort) + assert.Equal(t, CWA+AppSignalsProxy, containerPorts[CWA+AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) assert.Equal(t, CWA+StatsD, containerPorts[CWA+StatsD].Name) assert.Equal(t, corev1.ProtocolUDP, containerPorts[CWA+StatsD].Protocol) @@ -234,11 +186,9 @@ func TestSpecPortsOverrideGetContainerPorts(t *testing.T) { }, } containerPorts := getContainerPorts(logger, cfg, specPorts) - assert.Equal(t, 4, len(containerPorts)) + assert.Equal(t, 3, len(containerPorts)) assert.Equal(t, int32(12345), containerPorts[AppSignalsGrpc].ContainerPort) assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) assert.Equal(t, int32(12346), containerPorts[AppSignalsProxy].ContainerPort) assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) assert.Equal(t, int32(8135), containerPorts[CWA+StatsD].ContainerPort) @@ -250,13 +200,8 @@ func TestInvalidConfigGetContainerPorts(t *testing.T) { cfg := getJSONStringFromFile("./test-resources/nilMetrics.json") cfg = cfg + "," containerPorts := getContainerPorts(logger, cfg, []corev1.ServicePort{}) - assert.Equal(t, 3, len(containerPorts)) - assert.Equal(t, int32(4315), containerPorts[AppSignalsGrpc].ContainerPort) - assert.Equal(t, AppSignalsGrpc, containerPorts[AppSignalsGrpc].Name) - assert.Equal(t, int32(4316), containerPorts[AppSignalsHttp].ContainerPort) - assert.Equal(t, AppSignalsHttp, containerPorts[AppSignalsHttp].Name) - assert.Equal(t, int32(2000), containerPorts[AppSignalsProxy].ContainerPort) - assert.Equal(t, AppSignalsProxy, containerPorts[AppSignalsProxy].Name) + assert.Equal(t, 0, len(containerPorts)) + } func getJSONStringFromFile(path string) string { diff --git a/internal/manifests/collector/test-resources/application_signals.json b/internal/manifests/collector/test-resources/application_signals.json new file mode 100644 index 000000000..48decd3c4 --- /dev/null +++ b/internal/manifests/collector/test-resources/application_signals.json @@ -0,0 +1,7 @@ +{ + "logs": { + "metrics_collected": { + "application_signals": {} + } + } +} diff --git a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json index 74095a9ec..59b7584a1 100644 --- a/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json +++ b/internal/manifests/collector/test-resources/multipleReceiversAgentConfig.json @@ -16,7 +16,8 @@ }, "logs": { "metrics_collected": { - "emf": {} + "emf": {}, + "application_signals": {} } }, "traces": { diff --git a/main.go b/main.go index 9c6bd260b..0b033475a 100644 --- a/main.go +++ b/main.go @@ -49,6 +49,7 @@ const ( autoInstrumentationJavaImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-java" autoInstrumentationPythonImageRepository = "public.ecr.aws/aws-observability/adot-autoinstrumentation-python" autoInstrumentationDotNetImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-dotnet" + autoInstrumentationNodeJSImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs" dcgmExporterImageRepository = "nvcr.io/nvidia/k8s/dcgm-exporter" neuronMonitorImageRepository = "public.ecr.aws/neuron" targetAllocatorImageRepository = "ghcr.io/open-telemetry/opentelemetry-operator/target-allocator" @@ -119,6 +120,7 @@ func main() { autoInstrumentationJava string autoInstrumentationPython string autoInstrumentationDotNet string + autoInstrumentationNodeJS string autoAnnotationConfigStr string autoInstrumentationConfigStr string webhookPort int @@ -135,6 +137,7 @@ func main() { stringFlagOrEnv(&autoInstrumentationJava, "auto-instrumentation-java-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_JAVA", fmt.Sprintf("%s:%s", autoInstrumentationJavaImageRepository, v.AutoInstrumentationJava), "The default OpenTelemetry Java instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationPython, "auto-instrumentation-python-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_PYTHON", fmt.Sprintf("%s:%s", autoInstrumentationPythonImageRepository, v.AutoInstrumentationPython), "The default OpenTelemetry Python instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoInstrumentationDotNet, "auto-instrumentation-dotnet-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_DOTNET", fmt.Sprintf("%s:%s", autoInstrumentationDotNetImageRepository, v.AutoInstrumentationDotNet), "The default OpenTelemetry Dotnet instrumentation image. This image is used when no image is specified in the CustomResource.") + stringFlagOrEnv(&autoInstrumentationNodeJS, "auto-instrumentation-nodejs-image", "RELATED_IMAGE_AUTO_INSTRUMENTATION_NODEJS", fmt.Sprintf("%s:%s", autoInstrumentationNodeJSImageRepository, v.AutoInstrumentationNodeJS), "The default OpenTelemetry NodeJS instrumentation image. This image is used when no image is specified in the CustomResource.") stringFlagOrEnv(&autoAnnotationConfigStr, "auto-annotation-config", "AUTO_ANNOTATION_CONFIG", "", "The configuration for auto-annotation.") pflag.StringVar(&autoInstrumentationConfigStr, "auto-instrumentation-config", "", "The configuration for auto-instrumentation.") stringFlagOrEnv(&dcgmExporterImage, "dcgm-exporter-image", "RELATED_IMAGE_DCGM_EXPORTER", fmt.Sprintf("%s:%s", dcgmExporterImageRepository, v.DcgmExporter), "The default DCGM Exporter image. This image is used when no image is specified in the CustomResource.") @@ -143,7 +146,7 @@ func main() { pflag.Parse() // set instrumentation cpu and memory limits in environment variables to be used for default instrumentation; default values received from https://github.com/open-telemetry/opentelemetry-operator/blob/main/apis/v1alpha1/instrumentation_webhook.go - autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} + autoInstrumentationConfig := map[string]map[string]map[string]string{"java": {"limits": {"cpu": "500m", "memory": "64Mi"}, "requests": {"cpu": "50m", "memory": "64Mi"}}, "python": {"limits": {"cpu": "500m", "memory": "32Mi"}, "requests": {"cpu": "50m", "memory": "32Mi"}}, "dotnet": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}, "nodejs": {"limits": {"cpu": "500m", "memory": "128Mi"}, "requests": {"cpu": "50m", "memory": "128Mi"}}} err := json.Unmarshal([]byte(autoInstrumentationConfigStr), &autoInstrumentationConfig) if err != nil { setupLog.Info(fmt.Sprintf("Using default values: %v", autoInstrumentationConfig)) @@ -157,11 +160,15 @@ func main() { if dotNetVar, ok := autoInstrumentationConfig["dotnet"]; ok { setLangEnvVars("DOTNET", dotNetVar) } + if nodeJSVar, ok := autoInstrumentationConfig["nodejs"]; ok { + setLangEnvVars("NODEJS", nodeJSVar) + } // set supported language instrumentation images in environment variable to be used for default instrumentation os.Setenv("AUTO_INSTRUMENTATION_JAVA", autoInstrumentationJava) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", autoInstrumentationPython) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", autoInstrumentationDotNet) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", autoInstrumentationNodeJS) logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) @@ -172,6 +179,7 @@ func main() { "auto-instrumentation-java", autoInstrumentationJava, "auto-instrumentation-python", autoInstrumentationPython, "auto-instrumentation-dotnet", autoInstrumentationDotNet, + "auto-instrumentation-nodejs", autoInstrumentationNodeJS, "dcgm-exporter", dcgmExporterImage, "neuron-monitor", neuronMonitorImage, "amazon-cloudwatch-agent-target-allocator", targetAllocatorImage, @@ -188,6 +196,7 @@ func main() { config.WithAutoInstrumentationJavaImage(autoInstrumentationJava), config.WithAutoInstrumentationPythonImage(autoInstrumentationPython), config.WithAutoInstrumentationDotNetImage(autoInstrumentationDotNet), + config.WithAutoInstrumentationNodeJSImage(autoInstrumentationNodeJS), config.WithDcgmExporterImage(dcgmExporterImage), config.WithNeuronMonitorImage(neuronMonitorImage), config.WithTargetAllocatorImage(targetAllocatorImage), @@ -286,6 +295,7 @@ func main() { instrumentation.TypeJava, instrumentation.TypePython, instrumentation.TypeDotNet, + instrumentation.TypeNodeJS, ), ) mgr.GetWebhookServer().Register("/mutate-v1-workload", &webhook.Admission{ diff --git a/pkg/instrumentation/auto/config.go b/pkg/instrumentation/auto/config.go index 30ade1eef..12b5e9e6d 100644 --- a/pkg/instrumentation/auto/config.go +++ b/pkg/instrumentation/auto/config.go @@ -11,6 +11,7 @@ type AnnotationConfig struct { Java AnnotationResources `json:"java"` Python AnnotationResources `json:"python"` DotNet AnnotationResources `json:"dotnet"` + NodeJS AnnotationResources `json:"nodejs"` } func (c AnnotationConfig) getResources(instType instrumentation.Type) AnnotationResources { @@ -21,6 +22,8 @@ func (c AnnotationConfig) getResources(instType instrumentation.Type) Annotation return c.Python case instrumentation.TypeDotNet: return c.DotNet + case instrumentation.TypeNodeJS: + return c.NodeJS default: return AnnotationResources{} } diff --git a/pkg/instrumentation/auto/config_test.go b/pkg/instrumentation/auto/config_test.go index 1300ad9dc..de563df67 100644 --- a/pkg/instrumentation/auto/config_test.go +++ b/pkg/instrumentation/auto/config_test.go @@ -31,7 +31,14 @@ func TestConfig(t *testing.T) { DaemonSets: []string{"ds3"}, StatefulSets: []string{"ss3"}, }, + NodeJS: AnnotationResources{ + Namespaces: []string{"n3"}, + Deployments: []string{"d3"}, + DaemonSets: []string{"ds3"}, + StatefulSets: []string{"ss3"}, + }, } + assert.Equal(t, cfg.Java, cfg.getResources(instrumentation.TypeJava)) assert.Equal(t, []string{"n1"}, getNamespaces(cfg.Java)) assert.Equal(t, []string{"d1"}, getDeployments(cfg.Java)) @@ -42,4 +49,7 @@ func TestConfig(t *testing.T) { assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.DotNet)) assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.DotNet)) assert.Equal(t, AnnotationResources{}, cfg.getResources("invalidType")) + assert.Equal(t, cfg.NodeJS, cfg.getResources(instrumentation.TypeNodeJS)) + assert.Equal(t, []string{"ds3"}, getDaemonSets(cfg.NodeJS)) + assert.Equal(t, []string{"ss3"}, getStatefulSets(cfg.NodeJS)) } diff --git a/pkg/instrumentation/defaultinstrumentation.go b/pkg/instrumentation/defaultinstrumentation.go index e9946148c..a16857280 100644 --- a/pkg/instrumentation/defaultinstrumentation.go +++ b/pkg/instrumentation/defaultinstrumentation.go @@ -18,10 +18,10 @@ import ( ) const ( - defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" - defaultInstrumenation = "java-instrumentation" - defaultNamespace = "default" - defaultKind = "Instrumentation" + defaultAPIVersion = "cloudwatch.aws.amazon.com/v1alpha1" + defaultInstrumentation = "java-instrumentation" + defaultNamespace = "default" + defaultKind = "Instrumentation" http = "http" https = "https" @@ -29,6 +29,7 @@ const ( java = "JAVA" python = "PYTHON" dotNet = "DOTNET" + nodeJS = "NODEJS" limit = "LIMIT" request = "REQUEST" ) @@ -62,6 +63,10 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo if !ok { return nil, errors.New("unable to determine dotnet instrumentation image") } + nodeJSInstrumentationImage, ok := os.LookupEnv("AUTO_INSTRUMENTATION_NODEJS") + if !ok { + return nil, errors.New("unable to determine nodejs instrumentation image") + } cloudwatchAgentServiceEndpoint := "cloudwatch-agent.amazon-cloudwatch" if isWindowsPod { @@ -86,7 +91,7 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -157,6 +162,23 @@ func getDefaultInstrumentation(agentConfig *adapters.CwaConfig, isWindowsPod boo Requests: getInstrumentationConfigForResource(dotNet, request), }, }, + NodeJS: v1alpha1.NodeJS{ + Image: nodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: fmt.Sprintf("endpoint=%s://%s:2000", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/traces", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: fmt.Sprintf("%s://%s:4316/v1/metrics", exporterPrefix, cloudwatchAgentServiceEndpoint)}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + Resources: corev1.ResourceRequirements{ + Limits: getInstrumentationConfigForResource(nodeJS, limit), + Requests: getInstrumentationConfigForResource(nodeJS, request), + }, + }, }, }, nil } diff --git a/pkg/instrumentation/defaultinstrumentation_test.go b/pkg/instrumentation/defaultinstrumentation_test.go index ebe5c3f3c..bb1d920ff 100644 --- a/pkg/instrumentation/defaultinstrumentation_test.go +++ b/pkg/instrumentation/defaultinstrumentation_test.go @@ -21,6 +21,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -33,6 +34,10 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -41,7 +46,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -130,6 +135,29 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent.amazon-cloudwatch:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -139,7 +167,7 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -228,6 +256,29 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent.amazon-cloudwatch:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent.amazon-cloudwatch:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + }, }, } @@ -286,12 +337,14 @@ func Test_getDefaultInstrumentationLinux(t *testing.T) { } }) } + } func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_JAVA", defaultJavaInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_PYTHON", defaultPythonInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_DOTNET", defaultDotNetInstrumentationImage) + os.Setenv("AUTO_INSTRUMENTATION_NODEJS", defaultNodeJSInstrumentationImage) os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_LIMIT", "500m") os.Setenv("AUTO_INSTRUMENTATION_JAVA_MEM_LIMIT", "64Mi") os.Setenv("AUTO_INSTRUMENTATION_JAVA_CPU_REQUEST", "50m") @@ -304,6 +357,10 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_LIMIT", "128Mi") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_CPU_REQUEST", "50m") os.Setenv("AUTO_INSTRUMENTATION_DOTNET_MEM_REQUEST", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_LIMIT", "500m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_LIMIT", "128Mi") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_CPU_REQUEST", "50m") + os.Setenv("AUTO_INSTRUMENTATION_NODEJS_MEM_REQUEST", "128Mi") httpInst := &v1alpha1.Instrumentation{ Status: v1alpha1.InstrumentationStatus{}, @@ -312,7 +369,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -401,6 +458,29 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "http://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + }, }, } httpsInst := &v1alpha1.Instrumentation{ @@ -410,7 +490,7 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { Kind: defaultKind, }, ObjectMeta: metav1.ObjectMeta{ - Name: defaultInstrumenation, + Name: defaultInstrumentation, Namespace: defaultNamespace, }, Spec: v1alpha1.InstrumentationSpec{ @@ -499,6 +579,29 @@ func Test_getDefaultInstrumentationWindows(t *testing.T) { }, }, }, + NodeJS: v1alpha1.NodeJS{ + Image: defaultNodeJSInstrumentationImage, + Env: []corev1.EnvVar{ + {Name: "OTEL_AWS_APPLICATION_SIGNALS_ENABLED", Value: "true"}, + {Name: "OTEL_TRACES_SAMPLER_ARG", Value: "endpoint=https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:2000"}, + {Name: "OTEL_TRACES_SAMPLER", Value: "xray"}, + {Name: "OTEL_EXPORTER_OTLP_PROTOCOL", Value: "http/protobuf"}, + {Name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/traces"}, + {Name: "OTEL_AWS_APPLICATION_SIGNALS_EXPORTER_ENDPOINT", Value: "https://cloudwatch-agent-windows-headless.amazon-cloudwatch.svc.cluster.local:4316/v1/metrics"}, + {Name: "OTEL_METRICS_EXPORTER", Value: "none"}, + {Name: "OTEL_LOGS_EXPORTER", Value: "none"}, + }, + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("500m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("50m"), + corev1.ResourceMemory: resource.MustParse("128Mi"), + }, + }, + }, }, } diff --git a/pkg/instrumentation/podmutator_test.go b/pkg/instrumentation/podmutator_test.go index f00c78540..cbf66bc2f 100644 --- a/pkg/instrumentation/podmutator_test.go +++ b/pkg/instrumentation/podmutator_test.go @@ -27,11 +27,11 @@ const ( defaultJavaInstrumentationImage = "test.registry/adot-autoinstrumentation-java:test-tag" defaultPythonInstrumentationImage = "test.registry/adot-autoinstrumentation-python:test-tag" defaultDotNetInstrumentationImage = "test.registry/adot-autoinstrumentation-dotnet:test-tag" + defaultNodeJSInstrumentationImage = "test.registry/adot-autoinstrumentation-nodejs:test-tag" ) func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { defaultInst, _ := getDefaultInstrumentation(&adapters.CwaConfig{}, false) - namespace := corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: "default-namespace", @@ -49,7 +49,6 @@ func TestGetInstrumentationInstanceFromNameSpaceDefault(t *testing.T) { assert.Nil(t, err) assert.Equal(t, defaultInst, instrumentation) - } func TestMutatePod(t *testing.T) { diff --git a/versions.txt b/versions.txt index 0133818fc..a4378289a 100644 --- a/versions.txt +++ b/versions.txt @@ -1,15 +1,15 @@ # Represents the latest stable release of the CloudWatch Agent -cloudwatch-agent=1.300041.0b681 +cloudwatch-agent=1.300045.0b810 # Represents the current release of the CloudWatch Agent Operator. -operator=1.4.1 +operator=1.7.0 # Represents the current release of ADOT language instrumentation. aws-otel-java-instrumentation=v1.32.2 aws-otel-python-instrumentation=v0.2.0 -# This needs to be updated with the latest release of ADOT SDK aws-otel-dotnet-instrumentation=1.6.0 +aws-otel-nodejs-instrumentation=0.52.1 -dcgm-exporter=3.3.3-3.3.1-ubuntu22.04 -neuron-monitor=1.0.0 +dcgm-exporter=3.3.7-3.5.0-ubuntu22.04 +neuron-monitor=1.0.1 target-allocator=0.90.0 \ No newline at end of file From dab40474de323075cc07cd7ed633de1cc2b22264 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Wed, 25 Sep 2024 14:29:13 -0400 Subject: [PATCH 82/99] Addressed comments. --- .../manifests/collector/config_replace.go | 3 +++ .../manifests/collector/configmap_test.go | 2 +- internal/manifests/collector/volume_test.go | 20 +++++++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index c2e288e2d..b18fd829d 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -47,6 +47,9 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { return string(out), nil } +// ReplacePrometheusConfig replaces the prometheus configuration that the customer provides with itself (if the +// target-allocator isn't enabled) or the target_allocator configuration (if the target-allocator is enabled) +// and populates it into the prometheus.yaml file, which is seen in its PrometheusConfigMap. func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { promConfigYaml, err := instance.Spec.Prometheus.Yaml() if err != nil { diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index cae9f1ae6..24ec22feb 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -87,7 +87,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { fmt.Printf("failed to unmarshal config: %v", err) } - t.Run("should return expected prometheus config map", func(t *testing.T) { + t.Run("should return expected prometheus config map with no target allocator", func(t *testing.T) { expectedLabels["app.kubernetes.io/component"] = "amazon-cloudwatch-agent" expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" diff --git a/internal/manifests/collector/volume_test.go b/internal/manifests/collector/volume_test.go index be6899865..54590aa23 100644 --- a/internal/manifests/collector/volume_test.go +++ b/internal/manifests/collector/volume_test.go @@ -99,3 +99,23 @@ func TestVolumePrometheus(t *testing.T) { // check that the second volume is prometheus-config, with the config map assert.Equal(t, naming.PrometheusConfigMapVolume(), volumes[1].Name) } + +func TestVolumeNoPrometheus(t *testing.T) { + // prepare + otelcol := v1alpha1.AmazonCloudWatchAgent{ + Spec: v1alpha1.AmazonCloudWatchAgentSpec{ + Prometheus: v1alpha1.PrometheusConfig{}, + }, + } + + cfg := config.New() + + // test + volumes := Volumes(cfg, otelcol) + + // verify + assert.Len(t, volumes, 1) + + // check that it's not the prometheus-config volume, with the config map + assert.NotEqual(t, naming.PrometheusConfigMapVolume(), volumes[0].Name) +} From 0f3ca46f81c3809c8a94f77595a8b290cd7232ac Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 02:46:29 -0400 Subject: [PATCH 83/99] Updated configmap format. --- internal/manifests/collector/collector.go | 9 ++-- .../manifests/collector/config_replace.go | 2 +- internal/manifests/collector/configmap.go | 54 ++++++++++--------- 3 files changed, 36 insertions(+), 29 deletions(-) diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index 6fe891957..ce393b28b 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go @@ -32,7 +32,6 @@ func Build(params manifests.Params) ([]client.Object, error) { params.Log.V(5).Info("not building sidecar...") } manifestFactories = append(manifestFactories, []manifests.K8sManifestFactory{ - manifests.Factory(ConfigMap), manifests.FactoryWithoutError(HorizontalPodAutoscaler), manifests.FactoryWithoutError(ServiceAccount), manifests.Factory(Service), @@ -47,8 +46,12 @@ func Build(params manifests.Params) ([]client.Object, error) { manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor)) } } - if !params.OtelCol.Spec.Prometheus.IsEmpty() { - manifestFactories = append(manifestFactories, manifests.Factory(PrometheusConfigMap)) + configmaps, err := ConfigMaps(params) + if err != nil { + return nil, err + } + for _, configmap := range configmaps { + manifestFactories = append(manifestFactories, configmap) } for _, factory := range manifestFactories { res, err := factory(params) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index b18fd829d..270df6415 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -49,7 +49,7 @@ func ReplaceConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { // ReplacePrometheusConfig replaces the prometheus configuration that the customer provides with itself (if the // target-allocator isn't enabled) or the target_allocator configuration (if the target-allocator is enabled) -// and populates it into the prometheus.yaml file, which is seen in its PrometheusConfigMap. +// and populates it into the prometheus.yaml file, which is seen in its ConfigMap. func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, error) { promConfigYaml, err := instance.Spec.Prometheus.Yaml() if err != nil { diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index 6974ba7e4..775797c8d 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -12,17 +12,19 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) -func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { +func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { + var configmaps []*corev1.ConfigMap + name := naming.ConfigMap(params.OtelCol.Name) labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, params.OtelCol.Spec.Image, ComponentAmazonCloudWatchAgent, []string{}) replacedConf, err := ReplaceConfig(params.OtelCol) if err != nil { - params.Log.V(2).Info("failed to update prometheus config to use sharded targets: ", "err", err) + params.Log.V(2).Info("failed to update config: ", "err", err) return nil, err } - return &corev1.ConfigMap{ + configmaps = append(configmaps, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: params.OtelCol.Namespace, @@ -32,28 +34,30 @@ func ConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { Data: map[string]string{ "cwagentconfig.json": replacedConf, }, - }, nil -} - -func PrometheusConfigMap(params manifests.Params) (*corev1.ConfigMap, error) { - name := naming.PrometheusConfigMap(params.OtelCol.Name) - labels := manifestutils.Labels(params.OtelCol.ObjectMeta, name, "", ComponentAmazonCloudWatchAgent, []string{}) - - replacedPrometheusConf, err := ReplacePrometheusConfig(params.OtelCol) - if err != nil { - params.Log.V(2).Info("failed to update prometheus config to use sharded targets: ", "err", err) - return nil, err + }) + + if !params.OtelCol.Spec.Prometheus.IsEmpty() { + promName := naming.PrometheusConfigMap(params.OtelCol.Name) + promLabels := manifestutils.Labels(params.OtelCol.ObjectMeta, promName, "", ComponentAmazonCloudWatchAgent, []string{}) + + replacedPrometheusConf, err := ReplacePrometheusConfig(params.OtelCol) + if err != nil { + params.Log.V(2).Info("failed to update prometheus config to use sharded targets: ", "err", err) + return nil, err + } + + configmaps = append(configmaps, &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: promName, + Namespace: params.OtelCol.Namespace, + Labels: promLabels, + Annotations: params.OtelCol.Annotations, + }, + Data: map[string]string{ + "prometheus.yaml": replacedPrometheusConf, + }, + }) } - return &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: params.OtelCol.Namespace, - Labels: labels, - Annotations: params.OtelCol.Annotations, - }, - Data: map[string]string{ - "prometheus.yaml": replacedPrometheusConf, - }, - }, nil + return configmaps, nil } From 712bf3196fe05ea1b9836d9bbbaae41fa1cc9297 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 03:13:20 -0400 Subject: [PATCH 84/99] Fixed issues. --- internal/manifests/collector/collector.go | 15 ++++--- .../manifests/collector/configmap_test.go | 44 ++++++++++--------- 2 files changed, 32 insertions(+), 27 deletions(-) diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index ce393b28b..350af900d 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go @@ -46,13 +46,6 @@ func Build(params manifests.Params) ([]client.Object, error) { manifestFactories = append(manifestFactories, manifests.Factory(ServiceMonitor)) } } - configmaps, err := ConfigMaps(params) - if err != nil { - return nil, err - } - for _, configmap := range configmaps { - manifestFactories = append(manifestFactories, configmap) - } for _, factory := range manifestFactories { res, err := factory(params) if err != nil { @@ -61,6 +54,14 @@ func Build(params manifests.Params) ([]client.Object, error) { resourceManifests = append(resourceManifests, res) } } + configmaps, err := ConfigMaps(params) + if err != nil { + return nil, err + } + // NOTE: we cannot just unpack the slice, the type checker doesn't coerce the type correctly. + for _, configmap := range configmaps { + resourceManifests = append(resourceManifests, configmap) + } routes, err := Routes(params) if err != nil { return nil, err diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index 24ec22feb..e0f27225f 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -40,12 +40,12 @@ func TestDesiredConfigMap(t *testing.T) { } param := deploymentParams() - actual, err := ConfigMap(param) + actual, err := ConfigMaps(param) assert.NoError(t, err) - assert.Equal(t, "test", actual.Name) - assert.Equal(t, expectedLables, actual.Labels) - assert.Equal(t, expectedData, actual.Data) + assert.Equal(t, "test", actual[0].Name) + assert.Equal(t, expectedLables, actual[0].Labels) + assert.Equal(t, expectedData, actual[0].Data) }) } @@ -115,16 +115,17 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Config: "{}", Prometheus: promCfg, }, }, } - actual, err := PrometheusConfigMap(param) + actual, err := ConfigMaps(param) assert.NoError(t, err) - assert.Equal(t, "test-prometheus-config", actual.Name) - assert.Equal(t, expectedLabels, actual.Labels) - assert.Equal(t, expectedData, actual.Data) + assert.Equal(t, "test-prometheus-config", actual[1].Name) + assert.Equal(t, expectedLabels, actual[1].Labels) + assert.Equal(t, expectedData, actual[1].Data) }) @@ -160,17 +161,18 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Config: "{}", Prometheus: promCfg, }, }, } param.OtelCol.Spec.TargetAllocator.Enabled = true - actual, err := PrometheusConfigMap(param) + actual, err := ConfigMaps(param) assert.NoError(t, err) - assert.Equal(t, "test-prometheus-config", actual.GetName()) - assert.Equal(t, expectedLabels, actual.GetLabels()) - assert.Equal(t, expectedData, actual.Data) + assert.Equal(t, "test-prometheus-config", actual[1].GetName()) + assert.Equal(t, expectedLabels, actual[1].GetLabels()) + assert.Equal(t, expectedData, actual[1].Data) }) @@ -211,6 +213,7 @@ target_allocator: }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Config: "{}", Prometheus: httpTAPromCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, @@ -221,12 +224,12 @@ target_allocator: } assert.NoError(t, err) param.OtelCol.Spec.TargetAllocator.Enabled = true - actual, err := PrometheusConfigMap(param) + actual, err := ConfigMaps(param) assert.NoError(t, err) - assert.Equal(t, "test-prometheus-config", actual.Name) - assert.Equal(t, expectedLabels, actual.Labels) - assert.Equal(t, expectedData, actual.Data) + assert.Equal(t, "test-prometheus-config", actual[1].Name) + assert.Equal(t, expectedLabels, actual[1].Labels) + assert.Equal(t, expectedData, actual[1].Data) }) @@ -255,6 +258,7 @@ target_allocator: }, Spec: v1alpha1.AmazonCloudWatchAgentSpec{ Image: "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:0.0.0", + Config: "{}", Prometheus: httpPromCfg, TargetAllocator: v1alpha1.AmazonCloudWatchAgentTargetAllocator{ Enabled: true, @@ -265,12 +269,12 @@ target_allocator: } assert.NoError(t, err) param.OtelCol.Spec.TargetAllocator.Enabled = true - actual, err := PrometheusConfigMap(param) + actual, err := ConfigMaps(param) assert.NoError(t, err) - assert.Equal(t, "test-prometheus-config", actual.Name) - assert.Equal(t, expectedLabels, actual.Labels) - assert.Equal(t, expectedData, actual.Data) + assert.Equal(t, "test-prometheus-config", actual[1].Name) + assert.Equal(t, expectedLabels, actual[1].Labels) + assert.Equal(t, expectedData, actual[1].Data) }) } From 9a1c4e45748ea5add817e32fd70e1c61e2012ef3 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 15:35:47 -0400 Subject: [PATCH 85/99] Made prometheus configmap compatible with current agent prometheus input. --- internal/manifests/collector/configmap.go | 24 +++++++++++++++++++ .../manifests/collector/configmap_test.go | 13 +++++----- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index 775797c8d..6f27735f0 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -4,9 +4,14 @@ package collector import ( + "fmt" + + "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" @@ -46,6 +51,25 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { return nil, err } + if !params.OtelCol.Spec.TargetAllocator.Enabled { + replacedPrometheusConfig, err := adapters.ConfigFromString(replacedPrometheusConf) + if err != nil { + return nil, err + } + + replacedPrometheusConfProp, ok := replacedPrometheusConfig["config"] + if !ok { + return nil, fmt.Errorf("no prometheusConfig available as part of the configuration") + } + + replacedPrometheusConfPropYAML, err := yaml.Marshal(replacedPrometheusConfProp) + if err != nil { + return nil, err + } + + replacedPrometheusConf = string(replacedPrometheusConfPropYAML) + } + configmaps = append(configmaps, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: promName, diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index e0f27225f..2e49a8f57 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -92,13 +92,12 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { expectedLabels["app.kubernetes.io/name"] = "test-prometheus-config" expectedData := map[string]string{ - "prometheus.yaml": `config: - scrape_configs: - - job_name: cloudwatch-agent - scrape_interval: 10s - static_configs: - - targets: - - 0.0.0.0:8888 + "prometheus.yaml": `scrape_configs: +- job_name: cloudwatch-agent + scrape_interval: 10s + static_configs: + - targets: + - 0.0.0.0:8888 `, } From e0ddd4a22c79e64f3d503ee860e82b2942506183 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 16:35:56 -0400 Subject: [PATCH 86/99] Made service name constant. --- internal/manifests/collector/config_replace.go | 6 +++--- internal/manifests/targetallocator/service.go | 10 +++++----- internal/naming/main.go | 5 ----- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 270df6415..1692a28d9 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -8,8 +8,8 @@ import ( "fmt" "time" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator" ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" promconfig "github.com/prometheus/prometheus/config" @@ -82,7 +82,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, targetallocator.TargetAllocatorServiceName) if getCfgPromErr != nil { return "", getCfgPromErr } @@ -95,7 +95,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, targetallocator.TargetAllocatorServiceName) if err != nil { return "", err } diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index 1e2a12d90..0c9e47411 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -11,24 +11,24 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) +const TargetAllocatorServiceName = "target-allocator-service" + func Service(params manifests.Params) *corev1.Service { - name := naming.TAService(params.OtelCol.Name) version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") - labels := Labels(params.OtelCol, name) + labels := Labels(params.OtelCol, TargetAllocatorServiceName) if len(version) > 1 { labels["app.kubernetes.io/version"] = version[len(version)-1] } else { labels["app.kubernetes.io/version"] = "latest" } - selector := Labels(params.OtelCol, name) + selector := Labels(params.OtelCol, TargetAllocatorServiceName) return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: naming.TAService(params.OtelCol.Name), + Name: TargetAllocatorServiceName, Namespace: params.OtelCol.Namespace, Labels: labels, }, diff --git a/internal/naming/main.go b/internal/naming/main.go index f181c8797..515d86426 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -104,11 +104,6 @@ func Route(otelcol string, prefix string) string { return DNSName(Truncate("%s-%s-route", 63, prefix, otelcol)) } -// TAService returns the name to use for the TargetAllocator service. -func TAService(otelcol string) string { - return DNSName(Truncate("%s-target-allocator", 63, otelcol)) -} - // ServiceAccount builds the service account name based on the instance. func ServiceAccount(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) From 0c6673e6689822a35a1568455fe2bb4478705984 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 16:40:07 -0400 Subject: [PATCH 87/99] Revert "Made service name constant." This reverts commit e0ddd4a22c79e64f3d503ee860e82b2942506183. --- internal/manifests/collector/config_replace.go | 6 +++--- internal/manifests/targetallocator/service.go | 10 +++++----- internal/naming/main.go | 5 +++++ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 1692a28d9..270df6415 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -8,8 +8,8 @@ import ( "fmt" "time" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator" ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" promconfig "github.com/prometheus/prometheus/config" @@ -82,7 +82,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, targetallocator.TargetAllocatorServiceName) + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if getCfgPromErr != nil { return "", getCfgPromErr } @@ -95,7 +95,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, targetallocator.TargetAllocatorServiceName) + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) if err != nil { return "", err } diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index 0c9e47411..1e2a12d90 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -11,24 +11,24 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) -const TargetAllocatorServiceName = "target-allocator-service" - func Service(params manifests.Params) *corev1.Service { + name := naming.TAService(params.OtelCol.Name) version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") - labels := Labels(params.OtelCol, TargetAllocatorServiceName) + labels := Labels(params.OtelCol, name) if len(version) > 1 { labels["app.kubernetes.io/version"] = version[len(version)-1] } else { labels["app.kubernetes.io/version"] = "latest" } - selector := Labels(params.OtelCol, TargetAllocatorServiceName) + selector := Labels(params.OtelCol, name) return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: TargetAllocatorServiceName, + Name: naming.TAService(params.OtelCol.Name), Namespace: params.OtelCol.Namespace, Labels: labels, }, diff --git a/internal/naming/main.go b/internal/naming/main.go index 515d86426..f181c8797 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -104,6 +104,11 @@ func Route(otelcol string, prefix string) string { return DNSName(Truncate("%s-%s-route", 63, prefix, otelcol)) } +// TAService returns the name to use for the TargetAllocator service. +func TAService(otelcol string) string { + return DNSName(Truncate("%s-target-allocator", 63, otelcol)) +} + // ServiceAccount builds the service account name based on the instance. func ServiceAccount(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) From 371812e5baa6fbceddbcca1f535928732f5f7bb8 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 16:47:05 -0400 Subject: [PATCH 88/99] Make service name constant. --- Makefile | 2 +- internal/manifests/collector/config_replace.go | 4 ++-- internal/manifests/collector/config_replace_test.go | 10 +++++----- internal/manifests/collector/configmap_test.go | 8 ++++---- .../testdata/config_expected_targetallocator.yaml | 2 +- .../http_sd_config_servicemonitor_test_ta_set.yaml | 2 +- .../relabel_config_expected_with_sd_config.yaml | 2 +- .../adapters/config_to_prom_config_test.go | 6 +++--- internal/manifests/targetallocator/service.go | 7 +++---- internal/naming/main.go | 7 ++----- 10 files changed, 23 insertions(+), 27 deletions(-) diff --git a/Makefile b/Makefile index a1d5d2ebb..0e7f22dd3 100644 --- a/Makefile +++ b/Makefile @@ -156,7 +156,7 @@ vet: # Generate code .PHONY: generate -generate: controller-gen api-docs +generate: controller-gen $(CONTROLLER_GEN) object:headerFile="licensing/header.txt" paths="./..." # Build the container image, used only for local dev purposes diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 270df6415..55f18272d 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -82,7 +82,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TargetAllocatorServiceName) if getCfgPromErr != nil { return "", getCfgPromErr } @@ -95,7 +95,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService(instance.Name)) + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TargetAllocatorServiceName) if err != nil { return "", err } diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index ac4c8e62d..c0d95e0ad 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -84,7 +84,7 @@ func TestPrometheusParser(t *testing.T) { for _, scrapeConfig := range cfg.PromConfig.ScrapeConfigs { assert.Len(t, scrapeConfig.ServiceDiscoveryConfigs, 1) assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].Name(), "http") - assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://test-target-allocator:80/jobs/"+scrapeConfig.JobName+"/targets") + assert.Equal(t, scrapeConfig.ServiceDiscoveryConfigs[0].(*http.SDConfig).URL, "http://target-allocator-service:80/jobs/"+scrapeConfig.JobName+"/targets") expectedMap[scrapeConfig.JobName] = true } for k := range expectedMap { @@ -108,7 +108,7 @@ func TestPrometheusParser(t *testing.T) { assert.NotContains(t, prometheusConfig, "scrape_configs") expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", + "endpoint": "http://target-allocator-service:80", "interval": "30s", } assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) @@ -162,7 +162,7 @@ func TestPrometheusParser(t *testing.T) { assert.NotContains(t, prometheusConfig, "scrape_configs") expectedTAConfig := map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", + "endpoint": "http://target-allocator-service:80", "interval": "30s", } assert.Equal(t, expectedTAConfig, promCfgMap["target_allocator"]) @@ -307,7 +307,7 @@ func TestReplacePrometheusConfig(t *testing.T) { scrape_configs: - honor_labels: true http_sd_configs: - - url: http://test-target-allocator:80/jobs/service-x/targets + - url: http://target-allocator-service:80/jobs/service-x/targets job_name: service-x metric_relabel_configs: - action: keep @@ -360,7 +360,7 @@ func TestReplacePrometheusConfig(t *testing.T) { scrape_interval: 1m scrape_timeout: 10s target_allocator: - endpoint: http://test-target-allocator:80 + endpoint: http://target-allocator-service:80 interval: 30s ` diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index 2e49a8f57..de7a056a0 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -141,7 +141,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { "prometheus.yaml": `config: scrape_configs: - http_sd_configs: - - url: http://test-target-allocator:80/jobs/cloudwatch-agent/targets + - url: http://target-allocator-service:80/jobs/cloudwatch-agent/targets job_name: cloudwatch-agent scrape_interval: 10s `, @@ -189,10 +189,10 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { "prometheus.yaml": `config: scrape_configs: - http_sd_configs: - - url: http://test-target-allocator:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets + - url: http://target-allocator-service:80/jobs/serviceMonitor%2Ftest%2Ftest%2F0/targets job_name: serviceMonitor/test/test/0 target_allocator: - endpoint: http://test-target-allocator:80 + endpoint: http://target-allocator-service:80 http_sd_config: refresh_interval: 60s interval: 30s @@ -239,7 +239,7 @@ target_allocator: expectedData := map[string]string{ "prometheus.yaml": `config: {} target_allocator: - endpoint: http://test-target-allocator:80 + endpoint: http://target-allocator-service:80 interval: 30s `, } diff --git a/internal/manifests/collector/testdata/config_expected_targetallocator.yaml b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml index 7742ebc74..feb3ef23e 100644 --- a/internal/manifests/collector/testdata/config_expected_targetallocator.yaml +++ b/internal/manifests/collector/testdata/config_expected_targetallocator.yaml @@ -4,5 +4,5 @@ config: scrape_interval: 1m scrape_timeout: 10s target_allocator: - endpoint: http://test-target-allocator:80 + endpoint: http://target-allocator-service:80 interval: 30s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml index 3c133cf42..02dbe0b2a 100644 --- a/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml +++ b/internal/manifests/collector/testdata/http_sd_config_servicemonitor_test_ta_set.yaml @@ -11,7 +11,7 @@ config: - files: - file2.json target_allocator: - endpoint: http://test-target-allocator:80 + endpoint: http://target-allocator-service:80 interval: 30s http_sd_config: refresh_interval: 60s \ No newline at end of file diff --git a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml index ad3ed3a11..38eb86c88 100644 --- a/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml +++ b/internal/manifests/collector/testdata/relabel_config_expected_with_sd_config.yaml @@ -6,7 +6,7 @@ config: scrape_configs: - honor_labels: true http_sd_configs: - - url: http://test-target-allocator:80/jobs/service-x/targets + - url: http://target-allocator-service:80/jobs/service-x/targets job_name: service-x metric_relabel_configs: - action: keep diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 812f90a1f..9167bb856 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -199,12 +199,12 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "test-target-allocator" + taServiceName := "target-allocator-service" expectedResult := map[interface{}]interface{}{ "config": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ - "endpoint": "http://test-target-allocator:80", + "endpoint": "http://target-allocator-service:80", "interval": "30s", }, } @@ -235,7 +235,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "test-target-allocator" + taServiceName := "target-allocator-service" for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index 1e2a12d90..d18ea4632 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -15,20 +15,19 @@ import ( ) func Service(params manifests.Params) *corev1.Service { - name := naming.TAService(params.OtelCol.Name) version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") - labels := Labels(params.OtelCol, name) + labels := Labels(params.OtelCol, naming.TargetAllocatorServiceName) if len(version) > 1 { labels["app.kubernetes.io/version"] = version[len(version)-1] } else { labels["app.kubernetes.io/version"] = "latest" } - selector := Labels(params.OtelCol, name) + selector := Labels(params.OtelCol, naming.TargetAllocatorServiceName) return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: naming.TAService(params.OtelCol.Name), + Name: naming.TargetAllocatorServiceName, Namespace: params.OtelCol.Namespace, Labels: labels, }, diff --git a/internal/naming/main.go b/internal/naming/main.go index f181c8797..6feb4dcdf 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -4,6 +4,8 @@ // Package naming is for determining the names for components (containers, services, ...). package naming +const TargetAllocatorServiceName = "target-allocator-service" + // ConfigMap builds the name for the config map used in the AmazonCloudWatchAgent containers. func ConfigMap(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) @@ -104,11 +106,6 @@ func Route(otelcol string, prefix string) string { return DNSName(Truncate("%s-%s-route", 63, prefix, otelcol)) } -// TAService returns the name to use for the TargetAllocator service. -func TAService(otelcol string) string { - return DNSName(Truncate("%s-target-allocator", 63, otelcol)) -} - // ServiceAccount builds the service account name based on the instance. func ServiceAccount(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) From a4e74dac982aa91551bb69e50b1230c7900b9a5d Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 16:47:27 -0400 Subject: [PATCH 89/99] Fix Makefile. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0e7f22dd3..a1d5d2ebb 100644 --- a/Makefile +++ b/Makefile @@ -156,7 +156,7 @@ vet: # Generate code .PHONY: generate -generate: controller-gen +generate: controller-gen api-docs $(CONTROLLER_GEN) object:headerFile="licensing/header.txt" paths="./..." # Build the container image, used only for local dev purposes From 557c263b3ec435e832f68a86531647b2aede89b8 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Thu, 26 Sep 2024 21:16:22 -0400 Subject: [PATCH 90/99] Remove comment. --- internal/manifests/collector/collector.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/manifests/collector/collector.go b/internal/manifests/collector/collector.go index 350af900d..4e6a9f334 100644 --- a/internal/manifests/collector/collector.go +++ b/internal/manifests/collector/collector.go @@ -58,7 +58,6 @@ func Build(params manifests.Params) ([]client.Object, error) { if err != nil { return nil, err } - // NOTE: we cannot just unpack the slice, the type checker doesn't coerce the type correctly. for _, configmap := range configmaps { resourceManifests = append(resourceManifests, configmap) } From 9ec6ae7fe2f244057d275ad1539436fb56fee794 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 11:48:14 -0400 Subject: [PATCH 91/99] Use ConfigMapEntry(). --- internal/manifests/collector/configmap.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index 6f27735f0..f197ba1ae 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -37,7 +37,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - "cwagentconfig.json": replacedConf, + params.Config.CollectorConfigMapEntry(): replacedConf, }, }) @@ -78,7 +78,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - "prometheus.yaml": replacedPrometheusConf, + params.Config.PrometheusConfigMapEntry(): replacedPrometheusConf, }, }) } From f3446ecefa06d2c9f8bda19cc39c3e12e5fb1e36 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 13:13:28 -0400 Subject: [PATCH 92/99] Use function for service name. --- internal/manifests/collector/config_replace.go | 4 ++-- internal/manifests/targetallocator/service.go | 6 +++--- internal/naming/main.go | 7 +++++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 55f18272d..256ad362a 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -82,7 +82,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e } if featuregate.EnableTargetAllocatorRewrite.IsEnabled() { - updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TargetAllocatorServiceName) + updPromCfgMap, getCfgPromErr := ta.AddTAConfigToPromConfig(promCfgMap, naming.TAService()) if getCfgPromErr != nil { return "", getCfgPromErr } @@ -95,7 +95,7 @@ func ReplacePrometheusConfig(instance v1alpha1.AmazonCloudWatchAgent) (string, e return string(out), nil } - updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TargetAllocatorServiceName) + updPromCfgMap, err := ta.AddHTTPSDConfigToPromConfig(promCfgMap, naming.TAService()) if err != nil { return "", err } diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index d18ea4632..0ec7c6f4c 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -16,18 +16,18 @@ import ( func Service(params manifests.Params) *corev1.Service { version := strings.Split(params.OtelCol.Spec.TargetAllocator.Image, ":") - labels := Labels(params.OtelCol, naming.TargetAllocatorServiceName) + labels := Labels(params.OtelCol, naming.TAService()) if len(version) > 1 { labels["app.kubernetes.io/version"] = version[len(version)-1] } else { labels["app.kubernetes.io/version"] = "latest" } - selector := Labels(params.OtelCol, naming.TargetAllocatorServiceName) + selector := Labels(params.OtelCol, naming.TAService()) return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: naming.TargetAllocatorServiceName, + Name: naming.TAService(), Namespace: params.OtelCol.Namespace, Labels: labels, }, diff --git a/internal/naming/main.go b/internal/naming/main.go index 6feb4dcdf..bb1eaf8b2 100644 --- a/internal/naming/main.go +++ b/internal/naming/main.go @@ -4,8 +4,6 @@ // Package naming is for determining the names for components (containers, services, ...). package naming -const TargetAllocatorServiceName = "target-allocator-service" - // ConfigMap builds the name for the config map used in the AmazonCloudWatchAgent containers. func ConfigMap(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) @@ -106,6 +104,11 @@ func Route(otelcol string, prefix string) string { return DNSName(Truncate("%s-%s-route", 63, prefix, otelcol)) } +// TAService returns the name to use for the TargetAllocator service. +func TAService() string { + return "target-allocator-service" +} + // ServiceAccount builds the service account name based on the instance. func ServiceAccount(otelcol string) string { return DNSName(Truncate("%s", 63, otelcol)) From acd158f4f528a32560223374c4acd49017b9e9cb Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 13:34:01 -0400 Subject: [PATCH 93/99] Use constants isntead of ConfigMapEntry(). --- internal/manifests/collector/configmap.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index f197ba1ae..55204de55 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -17,6 +17,11 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) +const ( + cwAgentFilename = "cwagentconfig.json" + promFilename = "prometheus.yaml" +) + func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { var configmaps []*corev1.ConfigMap @@ -37,7 +42,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - params.Config.CollectorConfigMapEntry(): replacedConf, + cwAgentFilename: replacedConf, }, }) @@ -78,7 +83,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - params.Config.PrometheusConfigMapEntry(): replacedPrometheusConf, + promFilename: replacedPrometheusConf, }, }) } From 4946b79ba784264aa17d4628f6b062dd3a45257b Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 13:35:34 -0400 Subject: [PATCH 94/99] Use function for TAService(). --- .../adapters/config_to_prom_config_test.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 9167bb856..4cefeee25 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -10,6 +10,8 @@ import ( "reflect" "testing" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" @@ -199,8 +201,6 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "target-allocator-service" - expectedResult := map[interface{}]interface{}{ "config": map[interface{}]interface{}{}, "target_allocator": map[interface{}]interface{}{ @@ -209,7 +209,7 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - result, err := ta.AddTAConfigToPromConfig(cfg, taServiceName) + result, err := ta.AddTAConfigToPromConfig(cfg, naming.TAService()) assert.NoError(t, err) assert.Equal(t, expectedResult, result) @@ -235,11 +235,9 @@ func TestAddTAConfigToPromConfig(t *testing.T) { }, } - taServiceName := "target-allocator-service" - for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - _, err := ta.AddTAConfigToPromConfig(tc.cfg, taServiceName) + _, err := ta.AddTAConfigToPromConfig(tc.cfg, naming.TAService()) assert.Error(t, err) assert.EqualError(t, err, tc.errText) From 801e9ebd061a7716486523479c4d172fcb809adc Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 13:57:25 -0400 Subject: [PATCH 95/99] Use ConfigMapEntry() with fixed tests. --- internal/config/main_test.go | 2 ++ internal/config/options.go | 5 +++++ internal/manifests/collector/configmap.go | 9 ++------- internal/manifests/collector/configmap_test.go | 6 ++++++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/internal/config/main_test.go b/internal/config/main_test.go index 1b8d279a5..b8a9ac7e6 100644 --- a/internal/config/main_test.go +++ b/internal/config/main_test.go @@ -16,9 +16,11 @@ func TestNewConfig(t *testing.T) { cfg := config.New( config.WithCollectorImage("some-image"), config.WithCollectorConfigMapEntry("some-config.yaml"), + config.WithPrometheusConfigMapEntry("some-prom-config.yaml"), ) // test assert.Equal(t, "some-image", cfg.CollectorImage()) assert.Equal(t, "some-config.yaml", cfg.CollectorConfigMapEntry()) + assert.Equal(t, "some-prom-config.yaml", cfg.PrometheusConfigMapEntry()) } diff --git a/internal/config/options.go b/internal/config/options.go index d68576678..4fa872249 100644 --- a/internal/config/options.go +++ b/internal/config/options.go @@ -45,6 +45,11 @@ func WithCollectorConfigMapEntry(s string) Option { o.collectorConfigMapEntry = s } } +func WithPrometheusConfigMapEntry(s string) Option { + return func(o *options) { + o.prometheusConfigMapEntry = s + } +} func WithLogger(logger logr.Logger) Option { return func(o *options) { o.logger = logger diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index 55204de55..f197ba1ae 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -17,11 +17,6 @@ import ( "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) -const ( - cwAgentFilename = "cwagentconfig.json" - promFilename = "prometheus.yaml" -) - func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { var configmaps []*corev1.ConfigMap @@ -42,7 +37,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - cwAgentFilename: replacedConf, + params.Config.CollectorConfigMapEntry(): replacedConf, }, }) @@ -83,7 +78,7 @@ func ConfigMaps(params manifests.Params) ([]*corev1.ConfigMap, error) { Annotations: params.OtelCol.Annotations, }, Data: map[string]string{ - promFilename: replacedPrometheusConf, + params.Config.PrometheusConfigMapEntry(): replacedPrometheusConf, }, }) } diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index de7a056a0..be3f4d9a1 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -8,6 +8,8 @@ import ( "os" "testing" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "gopkg.in/yaml.v2" colfeaturegate "go.opentelemetry.io/collector/featuregate" @@ -102,6 +104,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { } param := manifests.Params{ + Config: config.New(), OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ Kind: "cloudwatch.aws.amazon.com", @@ -148,6 +151,7 @@ func TestDesiredPrometheusConfigMap(t *testing.T) { } param := manifests.Params{ + Config: config.New(), OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ Kind: "cloudwatch.aws.amazon.com", @@ -200,6 +204,7 @@ target_allocator: } param := manifests.Params{ + Config: config.New(), OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ Kind: "cloudwatch.aws.amazon.com", @@ -245,6 +250,7 @@ target_allocator: } param := manifests.Params{ + Config: config.New(), OtelCol: v1alpha1.AmazonCloudWatchAgent{ TypeMeta: metav1.TypeMeta{ Kind: "cloudwatch.aws.amazon.com", From 2519ad110c3eefeea8e3e9576599b07a01e924b7 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 14:04:11 -0400 Subject: [PATCH 96/99] Test ConfigMapEntry() for TA. --- internal/config/main_test.go | 2 ++ internal/config/options.go | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/internal/config/main_test.go b/internal/config/main_test.go index b8a9ac7e6..5fc5381e4 100644 --- a/internal/config/main_test.go +++ b/internal/config/main_test.go @@ -16,11 +16,13 @@ func TestNewConfig(t *testing.T) { cfg := config.New( config.WithCollectorImage("some-image"), config.WithCollectorConfigMapEntry("some-config.yaml"), + config.WithTargetAllocatorConfigMapEntry("some-ta-config.yaml"), config.WithPrometheusConfigMapEntry("some-prom-config.yaml"), ) // test assert.Equal(t, "some-image", cfg.CollectorImage()) assert.Equal(t, "some-config.yaml", cfg.CollectorConfigMapEntry()) + assert.Equal(t, "some-ta-config.yaml", cfg.TargetAllocatorConfigMapEntry()) assert.Equal(t, "some-prom-config.yaml", cfg.PrometheusConfigMapEntry()) } diff --git a/internal/config/options.go b/internal/config/options.go index 4fa872249..514ef6245 100644 --- a/internal/config/options.go +++ b/internal/config/options.go @@ -45,6 +45,11 @@ func WithCollectorConfigMapEntry(s string) Option { o.collectorConfigMapEntry = s } } +func WithTargetAllocatorConfigMapEntry(s string) Option { + return func(o *options) { + o.targetAllocatorConfigMapEntry = s + } +} func WithPrometheusConfigMapEntry(s string) Option { return func(o *options) { o.prometheusConfigMapEntry = s From deb08d53aa6f93ab6b3cbf35a94274f634646a51 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 16:12:11 -0400 Subject: [PATCH 97/99] Made target port 8080. --- .../targetallocator/adapters/config_to_prom_config.go | 6 ++++-- internal/manifests/targetallocator/container.go | 2 +- internal/manifests/targetallocator/service.go | 4 ++-- internal/manifests/targetallocator/service_test.go | 2 +- internal/naming/port.go | 5 +++++ 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index af3150090..af0ea02ba 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -9,6 +9,8 @@ import ( "net/url" "regexp" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" ) @@ -194,7 +196,7 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi escapedJob := url.QueryEscape(jobName) scrapeConfig["http_sd_configs"] = []interface{}{ map[string]interface{}{ - "url": fmt.Sprintf("http://%s:80/jobs/%s/targets", taServiceName, escapedJob), + "url": fmt.Sprintf("http://%s:%d/jobs/%s/targets", taServiceName, naming.TargetAllocatorPort, escapedJob), }, } } @@ -226,7 +228,7 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa return nil, errorNotAMap("target_allocator") } - targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:80", taServiceName) + targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:%d", taServiceName, naming.TargetAllocatorPort) targetAllocatorCfg["interval"] = "30s" // Remove the scrape_configs key from the map diff --git a/internal/manifests/targetallocator/container.go b/internal/manifests/targetallocator/container.go index 619f2550c..3f5a5dea5 100644 --- a/internal/manifests/targetallocator/container.go +++ b/internal/manifests/targetallocator/container.go @@ -23,7 +23,7 @@ func Container(cfg config.Config, logger logr.Logger, otelcol v1alpha1.AmazonClo ports := make([]corev1.ContainerPort, 0) ports = append(ports, corev1.ContainerPort{ Name: "http", - ContainerPort: 8080, + ContainerPort: naming.TargetAllocatorTargetPort, Protocol: corev1.ProtocolTCP, }) diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index 0ec7c6f4c..ba8690b40 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -35,8 +35,8 @@ func Service(params manifests.Params) *corev1.Service { Selector: selector, Ports: []corev1.ServicePort{{ Name: "targetallocation", - Port: 80, - TargetPort: intstr.FromString("http"), + Port: naming.TargetAllocatorPort, + TargetPort: intstr.FromInt32(naming.TargetAllocatorTargetPort), }}, }, } diff --git a/internal/manifests/targetallocator/service_test.go b/internal/manifests/targetallocator/service_test.go index 1391d64fc..01ec4b226 100644 --- a/internal/manifests/targetallocator/service_test.go +++ b/internal/manifests/targetallocator/service_test.go @@ -24,7 +24,7 @@ func TestServicePorts(t *testing.T) { Log: logger, } - ports := []v1.ServicePort{{Name: "targetallocation", Port: 80, TargetPort: intstr.FromString("http")}} + ports := []v1.ServicePort{{Name: "targetallocation", Port: 80, TargetPort: intstr.FromInt32(8080)}} s := Service(params) diff --git a/internal/naming/port.go b/internal/naming/port.go index 5cac9f3c5..7c7285d53 100644 --- a/internal/naming/port.go +++ b/internal/naming/port.go @@ -9,6 +9,11 @@ import ( "strings" ) +const ( + TargetAllocatorPort = 80 + TargetAllocatorTargetPort = 8080 +) + var ( // DNS_LABEL constraints: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names dnsLabelValidation = regexp.MustCompile("^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$") From ae90c31b25faf27b95a665845647f5a1fd25a428 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Fri, 27 Sep 2024 18:14:17 -0400 Subject: [PATCH 98/99] Addressed nits. --- .../targetallocator/adapters/config_to_prom_config.go | 4 ++-- internal/manifests/targetallocator/container.go | 2 +- internal/manifests/targetallocator/service.go | 4 ++-- internal/naming/port.go | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index af0ea02ba..b459c1545 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -196,7 +196,7 @@ func AddHTTPSDConfigToPromConfig(prometheus map[interface{}]interface{}, taServi escapedJob := url.QueryEscape(jobName) scrapeConfig["http_sd_configs"] = []interface{}{ map[string]interface{}{ - "url": fmt.Sprintf("http://%s:%d/jobs/%s/targets", taServiceName, naming.TargetAllocatorPort, escapedJob), + "url": fmt.Sprintf("http://%s:%d/jobs/%s/targets", taServiceName, naming.TargetAllocatorServicePort, escapedJob), }, } } @@ -228,7 +228,7 @@ func AddTAConfigToPromConfig(prometheus map[interface{}]interface{}, taServiceNa return nil, errorNotAMap("target_allocator") } - targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:%d", taServiceName, naming.TargetAllocatorPort) + targetAllocatorCfg["endpoint"] = fmt.Sprintf("http://%s:%d", taServiceName, naming.TargetAllocatorServicePort) targetAllocatorCfg["interval"] = "30s" // Remove the scrape_configs key from the map diff --git a/internal/manifests/targetallocator/container.go b/internal/manifests/targetallocator/container.go index 3f5a5dea5..3eff9cac9 100644 --- a/internal/manifests/targetallocator/container.go +++ b/internal/manifests/targetallocator/container.go @@ -23,7 +23,7 @@ func Container(cfg config.Config, logger logr.Logger, otelcol v1alpha1.AmazonClo ports := make([]corev1.ContainerPort, 0) ports = append(ports, corev1.ContainerPort{ Name: "http", - ContainerPort: naming.TargetAllocatorTargetPort, + ContainerPort: naming.TargetAllocatorContainerPort, Protocol: corev1.ProtocolTCP, }) diff --git a/internal/manifests/targetallocator/service.go b/internal/manifests/targetallocator/service.go index ba8690b40..73a1221a8 100644 --- a/internal/manifests/targetallocator/service.go +++ b/internal/manifests/targetallocator/service.go @@ -35,8 +35,8 @@ func Service(params manifests.Params) *corev1.Service { Selector: selector, Ports: []corev1.ServicePort{{ Name: "targetallocation", - Port: naming.TargetAllocatorPort, - TargetPort: intstr.FromInt32(naming.TargetAllocatorTargetPort), + Port: naming.TargetAllocatorServicePort, + TargetPort: intstr.FromInt32(naming.TargetAllocatorContainerPort), }}, }, } diff --git a/internal/naming/port.go b/internal/naming/port.go index 7c7285d53..460586b23 100644 --- a/internal/naming/port.go +++ b/internal/naming/port.go @@ -10,8 +10,8 @@ import ( ) const ( - TargetAllocatorPort = 80 - TargetAllocatorTargetPort = 8080 + TargetAllocatorServicePort = 80 + TargetAllocatorContainerPort = 8080 ) var ( From 1986ad73686aed347467cc4ec0acddd525517ea3 Mon Sep 17 00:00:00 2001 From: musa-asad Date: Tue, 1 Oct 2024 15:51:28 -0400 Subject: [PATCH 99/99] Fix imports. --- apis/v1alpha1/collector_webhook.go | 8 +++----- apis/v1alpha1/collector_webhook_test.go | 5 ++--- .../collector/collector_test.go | 5 ++--- .../config/config_test.go | 3 +-- controllers/common.go | 3 +-- integration-tests/eks/validateResources_test.go | 1 - .../annotations/validate_annotation_methods.go | 12 +++++------- .../manifests/cmd/validate_instrumentation_vars.go | 3 +-- internal/manifests/collector/config_replace.go | 7 +++---- internal/manifests/collector/config_replace_test.go | 10 ++++------ internal/manifests/collector/configmap.go | 3 +-- internal/manifests/collector/configmap_test.go | 13 ++++--------- internal/manifests/collector/ingress_test.go | 5 ++--- internal/manifests/collector/podmonitor_test.go | 7 +++---- internal/manifests/collector/ports.go | 3 +-- internal/manifests/collector/ports_test.go | 3 +-- internal/manifests/collector/service_test.go | 5 ++--- internal/manifests/dcgmexporter/service_test.go | 5 ++--- internal/manifests/neuronmonitor/service_test.go | 5 ++--- .../adapters/config_to_prom_config.go | 3 +-- .../adapters/config_to_prom_config_test.go | 6 ++---- .../manifests/targetallocator/deployment_test.go | 3 +-- pkg/featuregate/featuregate_test.go | 3 +-- pkg/instrumentation/defaultinstrumentation.go | 3 +-- pkg/instrumentation/defaultinstrumentation_test.go | 3 +-- pkg/instrumentation/sdk.go | 7 +++---- 26 files changed, 50 insertions(+), 84 deletions(-) diff --git a/apis/v1alpha1/collector_webhook.go b/apis/v1alpha1/collector_webhook.go index 5ba011235..6e0750618 100644 --- a/apis/v1alpha1/collector_webhook.go +++ b/apis/v1alpha1/collector_webhook.go @@ -7,11 +7,6 @@ import ( "context" "fmt" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" - - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" - "github.com/go-logr/logr" autoscalingv2 "k8s.io/api/autoscaling/v2" "k8s.io/apimachinery/pkg/runtime" @@ -21,6 +16,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" ) var ( diff --git a/apis/v1alpha1/collector_webhook_test.go b/apis/v1alpha1/collector_webhook_test.go index bf50160c2..cda62ae3e 100644 --- a/apis/v1alpha1/collector_webhook_test.go +++ b/apis/v1alpha1/collector_webhook_test.go @@ -9,11 +9,10 @@ import ( "os" "testing" - "github.com/stretchr/testify/require" - "gopkg.in/yaml.v2" - "github.com/go-logr/logr" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "gopkg.in/yaml.v2" appsv1 "k8s.io/api/apps/v1" autoscalingv2 "k8s.io/api/autoscaling/v2" v1 "k8s.io/api/core/v1" diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go index 002e25401..9268ea38d 100644 --- a/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go +++ b/cmd/amazon-cloudwatch-agent-target-allocator/collector/collector_test.go @@ -11,14 +11,13 @@ import ( "testing" "time" - "k8s.io/apimachinery/pkg/watch" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/kubernetes/fake" + logf "sigs.k8s.io/controller-runtime/pkg/log" "github.com/aws/amazon-cloudwatch-agent-operator/cmd/amazon-cloudwatch-agent-target-allocator/allocation" ) diff --git a/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go b/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go index b433a20a8..4de9d08e8 100644 --- a/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go +++ b/cmd/amazon-cloudwatch-agent-target-allocator/config/config_test.go @@ -9,9 +9,8 @@ import ( "time" commonconfig "github.com/prometheus/common/config" - promconfig "github.com/prometheus/prometheus/config" - "github.com/prometheus/common/model" + promconfig "github.com/prometheus/prometheus/config" "github.com/prometheus/prometheus/discovery" "github.com/prometheus/prometheus/discovery/file" "github.com/stretchr/testify/assert" diff --git a/controllers/common.go b/controllers/common.go index 0f5d8660f..02ea0d2d0 100644 --- a/controllers/common.go +++ b/controllers/common.go @@ -19,10 +19,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator" ) diff --git a/integration-tests/eks/validateResources_test.go b/integration-tests/eks/validateResources_test.go index 0d79e2e18..9e57d5568 100644 --- a/integration-tests/eks/validateResources_test.go +++ b/integration-tests/eks/validateResources_test.go @@ -15,7 +15,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - arv1 "k8s.io/api/admissionregistration/v1" appsV1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" diff --git a/integration-tests/manifests/annotations/validate_annotation_methods.go b/integration-tests/manifests/annotations/validate_annotation_methods.go index b9f8da0e1..9e95ef950 100644 --- a/integration-tests/manifests/annotations/validate_annotation_methods.go +++ b/integration-tests/manifests/annotations/validate_annotation_methods.go @@ -6,25 +6,23 @@ package annotations import ( "context" "fmt" - "strconv" - "testing" - - "github.com/google/uuid" - - "github.com/aws/amazon-cloudwatch-agent-operator/integration-tests/util" - "os" "os/exec" "path/filepath" + "strconv" "strings" + "testing" "time" + "github.com/google/uuid" appsV1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + + "github.com/aws/amazon-cloudwatch-agent-operator/integration-tests/util" ) const ( diff --git a/integration-tests/manifests/cmd/validate_instrumentation_vars.go b/integration-tests/manifests/cmd/validate_instrumentation_vars.go index 96cca63e2..746bb4c8c 100644 --- a/integration-tests/manifests/cmd/validate_instrumentation_vars.go +++ b/integration-tests/manifests/cmd/validate_instrumentation_vars.go @@ -13,9 +13,8 @@ import ( "strings" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" ) func main() { diff --git a/internal/manifests/collector/config_replace.go b/internal/manifests/collector/config_replace.go index 256ad362a..0ecad3cea 100644 --- a/internal/manifests/collector/config_replace.go +++ b/internal/manifests/collector/config_replace.go @@ -8,16 +8,15 @@ import ( "fmt" "time" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" - promconfig "github.com/prometheus/prometheus/config" _ "github.com/prometheus/prometheus/discovery/install" // Package install has the side-effect of registering all builtin. "gopkg.in/yaml.v2" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" ) type targetAllocator struct { diff --git a/internal/manifests/collector/config_replace_test.go b/internal/manifests/collector/config_replace_test.go index c0d95e0ad..0f6d47079 100644 --- a/internal/manifests/collector/config_replace_test.go +++ b/internal/manifests/collector/config_replace_test.go @@ -8,18 +8,16 @@ import ( "os" "testing" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" - "github.com/prometheus/prometheus/discovery/http" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" colfeaturegate "go.opentelemetry.io/collector/featuregate" "gopkg.in/yaml.v2" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" ) diff --git a/internal/manifests/collector/configmap.go b/internal/manifests/collector/configmap.go index f197ba1ae..225298f4d 100644 --- a/internal/manifests/collector/configmap.go +++ b/internal/manifests/collector/configmap.go @@ -10,9 +10,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) diff --git a/internal/manifests/collector/configmap_test.go b/internal/manifests/collector/configmap_test.go index be3f4d9a1..1502d918a 100644 --- a/internal/manifests/collector/configmap_test.go +++ b/internal/manifests/collector/configmap_test.go @@ -8,20 +8,15 @@ import ( "os" "testing" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" - - "gopkg.in/yaml.v2" - + "github.com/stretchr/testify/assert" colfeaturegate "go.opentelemetry.io/collector/featuregate" - - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" - + "gopkg.in/yaml.v2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - - "github.com/stretchr/testify/assert" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/featuregate" ) func TestDesiredConfigMap(t *testing.T) { diff --git a/internal/manifests/collector/ingress_test.go b/internal/manifests/collector/ingress_test.go index a219053d9..c87bb3eef 100644 --- a/internal/manifests/collector/ingress_test.go +++ b/internal/manifests/collector/ingress_test.go @@ -14,11 +14,10 @@ import ( networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) const testFileIngress = "testdata/ingress_testdata.yaml" diff --git a/internal/manifests/collector/podmonitor_test.go b/internal/manifests/collector/podmonitor_test.go index c7614c061..5cca1f744 100644 --- a/internal/manifests/collector/podmonitor_test.go +++ b/internal/manifests/collector/podmonitor_test.go @@ -7,13 +7,12 @@ package collector import ( "fmt" - - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "testing" "github.com/stretchr/testify/assert" - "testing" + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" ) func sidecarParams() manifests.Params { diff --git a/internal/manifests/collector/ports.go b/internal/manifests/collector/ports.go index 55fed0c2c..23f812c53 100644 --- a/internal/manifests/collector/ports.go +++ b/internal/manifests/collector/ports.go @@ -12,12 +12,11 @@ import ( "github.com/go-logr/logr" "go.uber.org/zap" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/validation" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - - corev1 "k8s.io/api/core/v1" ) const ( diff --git a/internal/manifests/collector/ports_test.go b/internal/manifests/collector/ports_test.go index bade37cb7..2f4cc38c6 100644 --- a/internal/manifests/collector/ports_test.go +++ b/internal/manifests/collector/ports_test.go @@ -8,9 +8,8 @@ import ( "strings" "testing" - corev1 "k8s.io/api/core/v1" - "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" ) func TestStatsDGetContainerPorts(t *testing.T) { diff --git a/internal/manifests/collector/service_test.go b/internal/manifests/collector/service_test.go index 47c373d3a..153c5ebdc 100644 --- a/internal/manifests/collector/service_test.go +++ b/internal/manifests/collector/service_test.go @@ -12,11 +12,10 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" ) func TestExtractPortNumbersAndNames(t *testing.T) { diff --git a/internal/manifests/dcgmexporter/service_test.go b/internal/manifests/dcgmexporter/service_test.go index 3dc189dc6..f17d4c349 100644 --- a/internal/manifests/dcgmexporter/service_test.go +++ b/internal/manifests/dcgmexporter/service_test.go @@ -13,11 +13,10 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" logf "sigs.k8s.io/controller-runtime/pkg/log" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" ) var logger = logf.Log.WithName("unit-tests") diff --git a/internal/manifests/neuronmonitor/service_test.go b/internal/manifests/neuronmonitor/service_test.go index ccabcb315..505c0ead8 100644 --- a/internal/manifests/neuronmonitor/service_test.go +++ b/internal/manifests/neuronmonitor/service_test.go @@ -13,11 +13,10 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" logf "sigs.k8s.io/controller-runtime/pkg/log" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" "github.com/aws/amazon-cloudwatch-agent-operator/internal/config" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/manifestutils" ) var logger = logf.Log.WithName("unit-tests") diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config.go b/internal/manifests/targetallocator/adapters/config_to_prom_config.go index b459c1545..7991edc13 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config.go @@ -9,9 +9,8 @@ import ( "net/url" "regexp" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) func errorNoComponent(component string) error { diff --git a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go index 4cefeee25..730f5034e 100644 --- a/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go +++ b/internal/manifests/targetallocator/adapters/config_to_prom_config_test.go @@ -10,13 +10,11 @@ import ( "reflect" "testing" - "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" + "github.com/stretchr/testify/assert" "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/collector/adapters" - ta "github.com/aws/amazon-cloudwatch-agent-operator/internal/manifests/targetallocator/adapters" - - "github.com/stretchr/testify/assert" + "github.com/aws/amazon-cloudwatch-agent-operator/internal/naming" ) func TestExtractPromConfigFromConfig(t *testing.T) { diff --git a/internal/manifests/targetallocator/deployment_test.go b/internal/manifests/targetallocator/deployment_test.go index 0799288cf..997837178 100644 --- a/internal/manifests/targetallocator/deployment_test.go +++ b/internal/manifests/targetallocator/deployment_test.go @@ -8,9 +8,8 @@ import ( "os" "testing" - "gopkg.in/yaml.v2" - "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/pkg/featuregate/featuregate_test.go b/pkg/featuregate/featuregate_test.go index f759506ac..d71ca1246 100644 --- a/pkg/featuregate/featuregate_test.go +++ b/pkg/featuregate/featuregate_test.go @@ -6,10 +6,9 @@ package featuregate import ( "testing" - "go.opentelemetry.io/collector/featuregate" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "go.opentelemetry.io/collector/featuregate" ) const ( diff --git a/pkg/instrumentation/defaultinstrumentation.go b/pkg/instrumentation/defaultinstrumentation.go index a16857280..4760b3050 100644 --- a/pkg/instrumentation/defaultinstrumentation.go +++ b/pkg/instrumentation/defaultinstrumentation.go @@ -8,9 +8,8 @@ import ( "fmt" "os" - "k8s.io/apimachinery/pkg/api/resource" - corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" diff --git a/pkg/instrumentation/defaultinstrumentation_test.go b/pkg/instrumentation/defaultinstrumentation_test.go index bb1d920ff..6f3cc69ad 100644 --- a/pkg/instrumentation/defaultinstrumentation_test.go +++ b/pkg/instrumentation/defaultinstrumentation_test.go @@ -8,9 +8,8 @@ import ( "reflect" "testing" - "k8s.io/apimachinery/pkg/api/resource" - corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" diff --git a/pkg/instrumentation/sdk.go b/pkg/instrumentation/sdk.go index 01b0ba368..7d0ddf761 100644 --- a/pkg/instrumentation/sdk.go +++ b/pkg/instrumentation/sdk.go @@ -12,10 +12,6 @@ import ( "unsafe" "github.com/go-logr/logr" - - "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" - "github.com/aws/amazon-cloudwatch-agent-operator/pkg/constants" - "go.opentelemetry.io/otel/attribute" semconv "go.opentelemetry.io/otel/semconv/v1.7.0" appsv1 "k8s.io/api/apps/v1" @@ -26,6 +22,9 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/aws/amazon-cloudwatch-agent-operator/apis/v1alpha1" + "github.com/aws/amazon-cloudwatch-agent-operator/pkg/constants" ) const (